netty5

History

Stephane Landelle 97d871a755 Validate cookie name and value characters Motivation: RFC6265 specifies which characters are allowed in a cookie name and value. Netty is currently too lax, which can used for HttpOnly escaping. Modification: In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters. In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters. Result: The problem described in the motivation section is fixed.	2015-05-07 06:33:36 +02:00
..
java/io/netty/example	Validate cookie name and value characters Motivation:	2015-05-07 06:33:36 +02:00
resources	Add logLevel property to enable different log levels for the examples.	2014-11-21 10:48:57 +09:00

Stephane Landelle 97d871a755 Validate cookie name and value characters Motivation:

RFC6265 specifies which characters are allowed in a cookie name and value.

Netty is currently too lax, which can used for HttpOnly escaping.

Modification:

In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters.
In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters.

Result:

The problem described in the motivation section is fixed.

2015-05-07 06:33:36 +02:00

java/io/netty/example

Validate cookie name and value characters Motivation:

2015-05-07 06:33:36 +02:00

resources

Add logLevel property to enable different log levels for the examples.

2014-11-21 10:48:57 +09:00