git.ipfire.org Git - thirdparty/tornado.git/commit

]> git.ipfire.org Git - thirdparty/tornado.git/commit

projects / thirdparty / tornado.git / commit

author	Ben Darnell <ben@bendarnell.com>
	Fri, 6 Mar 2026 19:50:25 +0000 (14:50 -0500)
committer	Ben Darnell <ben@bendarnell.com>
	Fri, 6 Mar 2026 20:09:12 +0000 (15:09 -0500)
commit	459e1c3d3bbde42c14bcb5df1db08933ff72c797
tree	d51697560139932bd954fb1e2334a69146085a80	tree \| snapshot
parent	09d01939fc33483b7cf422a2493bf79be7845653	commit \| diff

web: Validate characters in all cookie attributes.

Our previous control character check was missing a check for
U+007F, and also semicolons, which are only allowed in quoted
parts of values. This commit checks all attributes and
updates the set of disallowed characters.

tornado/test/web_test.py		diff \| blob \| blame \| history
tornado/web.py		diff \| blob \| blame \| history

Mirror of https://github.com/tornadoweb/tornado.git

RSS Atom