From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.devel
Subject: Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.
Date: Fri, 09 Sep 2016 22:49:07 +0300
Message-ID: <8337l8am6k.fsf@gnu.org>
References: <20160907153014.15752-1-toke@toke.dk>
	<jwvshtb4qc5.fsf-monnier+gmane.emacs.devel@gnu.org>
	<87inu7k5z4.fsf@toke.dk> <83bmzzaawr.fsf@gnu.org>
	<877fank1oc.fsf@toke.dk>
	<bb5f2760-fc3f-630c-290d-8108cad08405@yandex.ru>
	<87inu6iim8.fsf@toke.dk>
	<2563921f-d20d-753b-09eb-c8671bc5b6d6@yandex.ru>
	<87a8fiidso.fsf@toke.dk> <86d1kdq7cs.fsf@realize.ch>
	<83bmzwaopr.fsf@gnu.org> <8660q4ria9.fsf@realize.ch>
	<8360q4amyx.fsf@gnu.org> <861t0srh2s.fsf@realize.ch>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
X-Trace: blaine.gmane.org 1473450634 11710 195.159.176.226 (9 Sep 2016 19:50:34 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Fri, 9 Sep 2016 19:50:34 +0000 (UTC)
Cc: toke@toke.dk, emacs-devel@gnu.org, monnier@iro.umontreal.ca,
	dgutov@yandex.ru
To: Alain Schneble <a.s@realize.ch>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Fri Sep 09 21:50:25 2016
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1biRoX-0001HK-Eu
	for ged-emacs-devel@m.gmane.org; Fri, 09 Sep 2016 21:50:17 +0200
Original-Received: from localhost ([::1]:59932 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1biRoV-0008FN-HE
	for ged-emacs-devel@m.gmane.org; Fri, 09 Sep 2016 15:50:15 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:47919)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1biRnw-0008FH-Dc
	for emacs-devel@gnu.org; Fri, 09 Sep 2016 15:49:41 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1biRns-00036Z-6n
	for emacs-devel@gnu.org; Fri, 09 Sep 2016 15:49:39 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:50445)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1biRns-00036V-3c; Fri, 09 Sep 2016 15:49:36 -0400
Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1496
	helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1biRnp-0006h5-32; Fri, 09 Sep 2016 15:49:35 -0400
In-reply-to: <861t0srh2s.fsf@realize.ch> (message from Alain Schneble on Fri, 
	9 Sep 2016 21:47:23 +0200)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:207334
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/207334>

> From: Alain Schneble <a.s@realize.ch>
> CC: <toke@toke.dk>, <dgutov@yandex.ru>, <monnier@iro.umontreal.ca>,
> 	<emacs-devel@gnu.org>
> Date: Fri, 9 Sep 2016 21:47:23 +0200
> 
> > That's not the issue.  The issue is whether a cookie-value can
> > legitimately have non-ASCII characters.  If it can, then we must
> > _encode_ the cookie-value, as that is the only correct way of getting
> > a unibyte string from non-ASCII characters.  And you pointed to an RFC
> > that seems to say non-ASCII characters in cookies are possible.
> 
> Yes true, but I thought that maybe fixing this as described could be a
> viable non-invasive alternative for the upcoming 25.1 release.

It wouldn't be safe if cookies could include non-ASCII characters.