netty5/codec-http
Stephane Landelle 97d871a755 Validate cookie name and value characters Motivation:
RFC6265 specifies which characters are allowed in a cookie name and value.

Netty is currently too lax, which can used for HttpOnly escaping.

Modification:

In ServerCookieDecoder: discard cookie key-value pairs that contain invalid characters.
In ClientCookieEncoder: throw an exception when trying to encode cookies with invalid characters.

Result:

The problem described in the motivation section is fixed.
2015-05-07 06:33:36 +02:00
..
src Validate cookie name and value characters Motivation: 2015-05-07 06:33:36 +02:00
pom.xml [maven-release-plugin] prepare for next development iteration 2015-03-03 02:06:47 -05:00