hinkley 5 days ago

> Firefox accepts five characters which RFC recommends that servers not send:
>
> 0x09 (horizontal tab)
> 0x20 (spaces)
> 0x22 (double quotes)
> 0x2C (commas)
> 0x5C (backslashes)

I agree with at least some of these. Cookies without commas? Quotes?
remram 5 days ago | parent | next [-]

Quotes in the value when quotes delimit the value? Yeah that seems dangerous to me.

anamexis 5 days ago | parent [-]

Quotes don't delimit the value.

pimlottc 5 days ago | parent [-]

Per the section 4.1.1 rules quoted in the article, cookie values can be optionally quoted:

> cookie-value = cookie-octet / ( DQUOTE cookie-octet DQUOTE )

anamexis 5 days ago | parent [-]

That is true, but in that case they are part of the value itself, they're not doing anything special:

> Per the grammar above, the cookie-value MAY be wrapped in DQUOTE characters. Note that in this case, the initial and trailing DQUOTE characters are not stripped. They are part of the cookie-value, and will be included in Cookie header fields sent to the server.

kangalioo 5 days ago | parent | next [-]

Why does the specification specifically mention them, then?

anamexis 5 days ago | parent [-]

To clarify that by the spec, double quotes are allowed in the cookie value, but only at the beginning and end.

As for why that is, I have no idea.

pimlottc 5 days ago | parent | prev [-]

Ah, thanks for the clarification!

5 days ago | parent | prev [-]
[deleted]
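
The grammar discussed in this thread, as an added example that is not part of any comment above or of the linked article: a checker for `cookie-value` per RFC 6265 section 4.1.1 that reports which characters fall outside `cookie-octet` and shows that wrapping DQUOTEs stay in the stored value. The function and field names are hypothetical and the sample values are constructed.

```javascript
// cookie-octet per RFC 6265 section 4.1.1:
//   %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
const isCookieOctet = (c) =>
  c === 0x21 || (c >= 0x23 && c <= 0x2b) || (c >= 0x2d && c <= 0x3a) ||
  (c >= 0x3c && c <= 0x5b) || (c >= 0x5d && c <= 0x7e);

// The five characters listed in the quote that opens the thread.
const DISCOURAGED = new Map([
  [0x09, "horizontal tab"], [0x20, "space"], [0x22, "double quote"],
  [0x2c, "comma"], [0x5c, "backslash"],
]);

// Hypothetical helper: checks a value against
//   cookie-value = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
function checkCookieValue(value) {
  // DQUOTE is only legal as a matching pair around the whole value.
  const wrapped =
    value.length >= 2 && value.startsWith('"') && value.endsWith('"');
  const inner = wrapped ? value.slice(1, -1) : value;
  const offset = wrapped ? 1 : 0;
  const findings = [];
  for (let i = 0; i < inner.length; i++) {
    const c = inner.charCodeAt(i); // UTF-16 unit; anything above 0x7E is rejected
    if (isCookieOctet(c)) continue;
    findings.push({
      index: i + offset, // position in the original, unstripped value
      hex: "0x" + c.toString(16).toUpperCase().padStart(2, "0"),
      kind: DISCOURAGED.get(c) || "outside grammar",
    });
  }
  return {
    conforms: findings.length === 0,
    wrapped,
    stored: value, // quotes are not stripped: they are part of the value
    findings,
  };
}

// Constructed sample values, not taken from the thread or the article.
for (const sample of ['abc123', '"abc123"', 'a"b', '"a b,c"', 'a\\b', 'a;b']) {
  const r = checkCookieValue(sample);
  const detail = r.findings.map((f) => `${f.hex}@${f.index} ${f.kind}`);
  console.log(JSON.stringify(sample), r.conforms ? "conforms" : detail.join("; "));
}
```
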