netty5

History

Stephane Landelle d98b21be04 Validate cookie name and value characters Motivation: RFC6265 specifies which characters are allowed in a cookie name and value. Netty is currently too lax, which can used for HttpOnly escaping. Modification: In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters. In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters. Result: The problem described in the motivation section is fixed.	2015-05-07 06:36:40 +02:00
..
src	Validate cookie name and value characters Motivation:	2015-05-07 06:36:40 +02:00
pom.xml	[maven-release-plugin] prepare for next development iteration	2015-03-31 22:06:30 -04:00

Stephane Landelle d98b21be04 Validate cookie name and value characters Motivation:

RFC6265 specifies which characters are allowed in a cookie name and value.

Netty is currently too lax, which can used for HttpOnly escaping.

Modification:

In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters.
In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters.

Result:

The problem described in the motivation section is fixed.

2015-05-07 06:36:40 +02:00

src

Validate cookie name and value characters Motivation:

2015-05-07 06:36:40 +02:00

pom.xml

[maven-release-plugin] prepare for next development iteration

2015-03-31 22:06:30 -04:00