RFR 8020758: HttpCookie constructor does not throw IAE when name contains a space
Michael McMahon
michael.x.mcmahon at oracle.com
Wed Oct 23 04:09:55 PDT 2013
I agree. The change looks fine to me.
Thanks
Michael
On 23/10/13 12:09, Chris Hegarty wrote:
> Mark, Michael,
>
> java.net.HttpCookie, rightly or wrongly, supports three different
> Cookie specifications. Some of these are conflicting, and there have
> been many many bugs reported against various "special" characters
> being accepted.
>
> This one is hopefully straight forward. The issue is specifically
> complaining about a space in the cookie name. Looking at the Netscape
> cookie draft [1] and RFC 2965 [2], they both seem to restrict a space
> in the cookie name, so I see no conflict in specs here. It seems
> reasonable to add this restriction.
>
> http://cr.openjdk.java.net/~chegar/8020758/webrev.00/
>
> Additionally, since we are now adding a further restriction on the
> accepted characters in the cookie name, there is a slight
> compatibility risk. I believe this risk to be very small, and cannot
> find any evidence of cookies with spaces in there names.
>
> Thanks,
> -Chris.
>
> [1]
> http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html
> [2] http://www.ietf.org/rfc/rfc2965.txt
More information about the net-dev
mailing list