Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

java/CookieHandler: escape cookie values when required #14486

Merged
merged 10 commits into from
Sep 17, 2024
Original file line number Diff line number Diff line change
Expand Up @@ -116,9 +116,9 @@ private Collection<Cookie> getCookies(HttpRequest request) {
private void addCookie(HttpResponse response, Cookie cook) {
StringBuilder cookie = new StringBuilder();

// TODO: escape string as necessary
String name = cook.getName();
cookie.append(name).append("=").append(cook.getValue()).append("; ");
String name = escapeCookieValue(cook.getName());
String value = escapeCookieValue(cook.getValue());
Delta456 marked this conversation as resolved.
Show resolved Hide resolved
cookie.append(name).append("=").append(value).append("; ");

append(cookie, cook.getDomain(), str -> "Domain=" + str);
append(cookie, cook.getPath(), str -> "Path=" + str);
Expand Down Expand Up @@ -191,4 +191,16 @@ private Cookie parse(String cookieString) {

return builder.build();
}
private String escapeCookieValue(String value) {
if (value == null) {
return "";
}

return value.replace("\\", "\\\\")
.replace("\"", "\\\"")
Delta456 marked this conversation as resolved.
Show resolved Hide resolved
.replace(";", "\\;")
.replace(",", "\\,")
.replace("\r", "")
.replace("\n", "");
Delta456 marked this conversation as resolved.
Show resolved Hide resolved
}
}