Use EscapeDataString for encoding Cookies
This commit is contained in:
parent
02363da94e
commit
765a52007a
|
|
@ -38,8 +38,8 @@ namespace Microsoft.AspNetCore.Http.Internal
|
||||||
public void Append(string key, string value)
|
public void Append(string key, string value)
|
||||||
{
|
{
|
||||||
var setCookieHeaderValue = new SetCookieHeaderValue(
|
var setCookieHeaderValue = new SetCookieHeaderValue(
|
||||||
UrlEncoder.Default.Encode(key),
|
Uri.EscapeDataString(key),
|
||||||
UrlEncoder.Default.Encode(value))
|
Uri.EscapeDataString(value))
|
||||||
{
|
{
|
||||||
Path = "/"
|
Path = "/"
|
||||||
};
|
};
|
||||||
|
|
@ -61,8 +61,8 @@ namespace Microsoft.AspNetCore.Http.Internal
|
||||||
}
|
}
|
||||||
|
|
||||||
var setCookieHeaderValue = new SetCookieHeaderValue(
|
var setCookieHeaderValue = new SetCookieHeaderValue(
|
||||||
UrlEncoder.Default.Encode(key),
|
Uri.EscapeDataString(key),
|
||||||
UrlEncoder.Default.Encode(value))
|
Uri.EscapeDataString(value))
|
||||||
{
|
{
|
||||||
Domain = options.Domain,
|
Domain = options.Domain,
|
||||||
Path = options.Path,
|
Path = options.Path,
|
||||||
|
|
@ -95,7 +95,7 @@ namespace Microsoft.AspNetCore.Http.Internal
|
||||||
throw new ArgumentNullException(nameof(options));
|
throw new ArgumentNullException(nameof(options));
|
||||||
}
|
}
|
||||||
|
|
||||||
var encodedKeyPlusEquals = UrlEncoder.Default.Encode(key) + "=";
|
var encodedKeyPlusEquals = Uri.EscapeDataString(key) + "=";
|
||||||
bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
|
bool domainHasValue = !string.IsNullOrEmpty(options.Domain);
|
||||||
bool pathHasValue = !string.IsNullOrEmpty(options.Path);
|
bool pathHasValue = !string.IsNullOrEmpty(options.Path);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -172,15 +172,15 @@ namespace Microsoft.AspNetCore.Http.Internal
|
||||||
Assert.Null(cookies0["key0"]);
|
Assert.Null(cookies0["key0"]);
|
||||||
Assert.False(cookies0.ContainsKey("key0"));
|
Assert.False(cookies0.ContainsKey("key0"));
|
||||||
|
|
||||||
var newCookies = new[] { "name0=value0", "name1=value1" };
|
var newCookies = new[] { "name0=value0%2C", "%5Ename1=value1" };
|
||||||
request.Headers["Cookie"] = newCookies;
|
request.Headers["Cookie"] = newCookies;
|
||||||
|
|
||||||
cookies0 = RequestCookieCollection.Parse(newCookies);
|
cookies0 = RequestCookieCollection.Parse(newCookies);
|
||||||
var cookies1 = request.Cookies;
|
var cookies1 = request.Cookies;
|
||||||
Assert.Equal(cookies0, cookies1);
|
Assert.Equal(cookies0, cookies1);
|
||||||
Assert.Equal(2, cookies1.Count);
|
Assert.Equal(2, cookies1.Count);
|
||||||
Assert.Equal("value0", cookies1["name0"]);
|
Assert.Equal("value0,", cookies1["name0"]);
|
||||||
Assert.Equal("value1", cookies1["name1"]);
|
Assert.Equal("value1", cookies1["^name1"]);
|
||||||
Assert.Equal(newCookies, request.Headers["Cookie"]);
|
Assert.Equal(newCookies, request.Headers["Cookie"]);
|
||||||
|
|
||||||
var cookies2 = new RequestCookieCollection(new Dictionary<string,string>()
|
var cookies2 = new RequestCookieCollection(new Dictionary<string,string>()
|
||||||
|
|
|
||||||
|
|
@ -42,5 +42,20 @@ namespace Microsoft.AspNetCore.Http.Tests
|
||||||
Assert.Contains("expires=Thu, 01 Jan 1970 00:00:00 GMT", cookieHeaderValues[0]);
|
Assert.Contains("expires=Thu, 01 Jan 1970 00:00:00 GMT", cookieHeaderValues[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[InlineData("key", "value", "key=value")]
|
||||||
|
[InlineData("key,", "!value", "key%2C=%21value")]
|
||||||
|
[InlineData("ke#y,", "val^ue", "ke%23y%2C=val%5Eue")]
|
||||||
|
public void EscapesKeyValuesBeforeSettingCookie(string key, string value, string expected)
|
||||||
|
{
|
||||||
|
var headers = new HeaderDictionary();
|
||||||
|
var cookies = new ResponseCookies(headers);
|
||||||
|
|
||||||
|
cookies.Append(key, value);
|
||||||
|
|
||||||
|
var cookieHeaderValues = headers[HeaderNames.SetCookie];
|
||||||
|
Assert.Equal(1, cookieHeaderValues.Count);
|
||||||
|
Assert.StartsWith(expected, cookieHeaderValues[0]);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue