RFR 8020758: HttpCookie constructor does not throw IAE when name contains a space
Mark Sheppard
mark.sheppard at oracle.com
Wed Oct 23 04:20:49 PDT 2013
Hi Chris,
yes, I concur, also
regards
Mark
On 23/10/2013 12:09, Michael McMahon wrote:
> I agree. The change looks fine to me.
>
> Thanks
> Michael
>
> On 23/10/13 12:09, Chris Hegarty wrote:
>> Mark, Michael,
>>
>> java.net.HttpCookie, rightly or wrongly, supports three different
>> Cookie specifications. Some of these are conflicting, and there have
>> been many many bugs reported against various "special" characters
>> being accepted.
>>
>> This one is hopefully straight forward. The issue is specifically
>> complaining about a space in the cookie name. Looking at the Netscape
>> cookie draft [1] and RFC 2965 [2], they both seem to restrict a space
>> in the cookie name, so I see no conflict in specs here. It seems
>> reasonable to add this restriction.
>>
>> http://cr.openjdk.java.net/~chegar/8020758/webrev.00/
>>
>> Additionally, since we are now adding a further restriction on the
>> accepted characters in the cookie name, there is a slight
>> compatibility risk. I believe this risk to be very small, and cannot
>> find any evidence of cookies with spaces in there names.
>>
>> Thanks,
>> -Chris.
>>
>> [1]
>> http://web.archive.org/web/20020803110822/http://wp.netscape.com/newsref/std/cookie_spec.html
>> [2] http://www.ietf.org/rfc/rfc2965.txt
>
More information about the net-dev
mailing list