netty5/codec-http
Stephane Landelle d98b21be04 Validate cookie name and value characters

Motivation:
RFC6265 specifies which characters are allowed in a cookie name and value.

Netty is currently too lax, which can be used for HttpOnly escaping.

Modification:

In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters.
In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters.

Result:

The problem described in the motivation section is fixed.
2015-05-07 06:36:40 +02:00
src Validate cookie name and value characters 2015-05-07 06:36:40 +02:00
pom.xml [maven-release-plugin] prepare for next development iteration 2015-03-31 22:06:30 -04:00