search

rwf2 / cookie-rs

HTTP cookie parsing and cookie jar management for Rust.
https://docs.rs/cookie
Apache License 2.0
312 stars 119 forks source link

Commas are not encoded correctly #205

Closed xr1s closed 2 years ago

xr1s commented 2 years ago

https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=3ae5c661a52cfe034bdcd96d0634b7b0

println!("{}", cookie::Cookie::new("comma", ",").encoded());
// expected: comma=%2C
// actually: comma=,

According to https://httpwg.org/specs/rfc6265.html#sane-cookie and the Set-Cookie section above, %x00-%x20, %x22, %x2C, %x3B, %x5C, a.k.a. control characters, CRLFs, double quotes ", comma ,, semicolon ; and backslash \ need to be encoded.

Commas have special meaning as delimiters in HTTP headers, and its encoding is essential to my understanding.