From: Stan Ulbrych Date: Mon, 8 Jun 2026 19:15:21 +0000 (+0100) Subject: [3.13] gh-149144: Use `decodeURIComponent()` for UTF-8 support in `js_output()` ... X-Git-Tag: v3.13.14~25 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=e7d4c3ff421916986223690a8425d2383f6f3802;p=thirdparty%2FPython%2Fcpython.git [3.13] gh-149144: Use `decodeURIComponent()` for UTF-8 support in `js_output()` (GH-149157) (#150949) Co-authored-by: Seth Larson --- diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py index aebc2a163e44..2cffa2a9ad6e 100644 --- a/Lib/http/cookies.py +++ b/Lib/http/cookies.py @@ -389,18 +389,18 @@ class Morsel(dict): return '<%s: %s>' % (self.__class__.__name__, self.OutputString()) def js_output(self, attrs=None): - import base64 + import urllib.parse # Print javascript output_string = self.OutputString(attrs) if _has_control_character(output_string): raise CookieError("Control characters are not allowed in cookies") # Base64-encode value to avoid template # injection in cookie values. - output_encoded = base64.b64encode(output_string.encode('utf-8')).decode("ascii") + output_encoded = urllib.parse.quote(output_string, safe='', encoding='utf-8') return """ """ % (output_encoded,) diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py index 88914123d513..c48d5d91c2b3 100644 --- a/Lib/test/test_http_cookies.py +++ b/Lib/test/test_http_cookies.py @@ -1,10 +1,10 @@ # Simple test suite for http/cookies.py -import base64 import copy import unittest import doctest from http import cookies import pickle +import urllib.parse from test import support from test.support.testcase import ExtraAssertions @@ -153,19 +153,19 @@ class CookieTests(unittest.TestCase, ExtraAssertions): self.assertEqual(C.output(['path']), 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme') - cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE"; Path=/acme; Version=1').decode('ascii') + cookie_encoded = urllib.parse.quote('Customer="WILE_E_COYOTE"; Path=/acme; Version=1', safe='', encoding='utf-8') self.assertEqual(C.js_output(), fr""" """) - cookie_encoded = base64.b64encode(b'Customer="WILE_E_COYOTE"; Path=/acme').decode('ascii') + cookie_encoded = urllib.parse.quote('Customer="WILE_E_COYOTE"; Path=/acme', safe='', encoding='utf-8') self.assertEqual(C.js_output(['path']), fr""" """) @@ -262,19 +262,19 @@ class CookieTests(unittest.TestCase, ExtraAssertions): self.assertEqual(C.output(['path']), 'Set-Cookie: Customer="WILE_E_COYOTE"; Path=/acme') - expected_encoded_cookie = base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1').decode('ascii') + expected_encoded_cookie = urllib.parse.quote('Customer=\"WILE_E_COYOTE\"; Path=/acme; Version=1', safe='', encoding='utf-8') self.assertEqual(C.js_output(), fr""" """) - expected_encoded_cookie = base64.b64encode(b'Customer=\"WILE_E_COYOTE\"; Path=/acme').decode('ascii') + expected_encoded_cookie = urllib.parse.quote('Customer=\"WILE_E_COYOTE\"; Path=/acme', safe='', encoding='utf-8') self.assertEqual(C.js_output(['path']), fr""" """) @@ -365,13 +365,14 @@ class MorselTests(unittest.TestCase): self.assertEqual( M.output(), "Set-Cookie: %s=%s; Path=/foo" % (i, "%s_coded_val" % i)) - expected_encoded_cookie = base64.b64encode( - ("%s=%s; Path=/foo" % (i, "%s_coded_val" % i)).encode("ascii") - ).decode('ascii') + expected_encoded_cookie = urllib.parse.quote( + "%s=%s; Path=/foo" % (i, "%s_coded_val" % i), + safe='', encoding='utf-8', + ) expected_js_output = """ """ % (expected_encoded_cookie,)