gh-90309: Base64-encode cookie values embedded in JS#148848
gh-90309: Base64-encode cookie values embedded in JS#148848sethmlarson merged 3 commits intopython:mainfrom
Conversation
sethmlarson
requested review from
StanFromIreland,
encukou and
serhiy-storchaka
sethmlarson
force-pushed
the
morsel-js-output
branch
from
77d2b82 to
b8dd6e4
Compare
serhiy-storchaka
left a comment
serhiy-storchaka
left a comment
There was a problem hiding this comment.
LGTM, but I am not expert in JavaScript.
How old is the atob() function? Can we be sure that it is supported absolutely everywhere, not only in Firefox/Chromium clones?
This is the earliest date I was able to find, too. There are some references that it was a part of Netscape as well but nothing conclusive. |
StanFromIreland
left a comment
StanFromIreland
left a comment
There was a problem hiding this comment.
LGTM, one little note for the blurb as it's a bit vague.
sethmlarson
added
needs backport to 3.10
|
Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.10. |
|
Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11. |
|
Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.12. |
|
Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.13. |
|
Thanks @sethmlarson for the PR 🌮🎉.. I'm working now to backport this PR to: 3.14. |
|
Sorry, @sethmlarson, I could not cleanly backport this to |
|
Sorry, @sethmlarson, I could not cleanly backport this to |
|
Sorry, @sethmlarson, I could not cleanly backport this to |
sethmlarson
removed
needs backport to 3.10
|
This is such a low severity and unlikely to be used that I'm going to forgo backporting to 3.12-3.10 unless someone asks for this. |
StanFromIreland
removed
needs backport to 3.13
4 participants
Avoids problems arising from embedding arbitrary characters in JavaScript in
.js_output()method. I'll be submitting a follow-up issue and PR to deprecate the function as suggested in #90309 cc @komi22