tseaver
commented
9 years ago Thank you! I would be glad to review a PR which re-introduced the idea of a lenient cookie.
Closed jamur2 closed 9 years ago
tseaver
commented
9 years ago Thank you! I would be glad to review a PR which re-introduced the idea of a lenient cookie.
This addresses https://github.com/zopefoundation/zope.publisher/issues/3 (and reverses https://github.com/zopefoundation/zope.publisher/pull/2). It removes the
LenientCookiefunctionality, and updates the Cookie tests to pass under the new, stricter Cookie implementation in the latest Python releases.I feel bad about breaking the build, but I don't really have time to maintain
LenientCookie(or the expertise to watch for security issues), so this is the fastest path to getting the build passing again. If someone else wants to take up the mantle of parsing cookie strings securely but in a more lenient manner than the stdlib, have at it. If not, the PR should fix the immediate problem.