[svn] Allow more characters in attribute name.

Published in <sxsr8wi9jeo.fsf@florida.arsdigita.de>.

diff --git a/src/ChangeLog b/src/ChangeLog
index 2eedc9873aa38714e8124e08c16978a01c674ec1..66cfca9d658a836beedb5c33b89f6562e3a96323 100644 (file)
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2001-06-18  Hrvoje Niksic  <hniksic@arsdigita.com>
+
+       * cookies.c (ATTR_NAME_CHAR): Allow almost any character to be in
+       an attribute name.
+
 2001-06-18  Hrvoje Niksic  <hniksic@arsdigita.com>
 
        * url.c (url_filename): Make sure that slashes that sneak in to

diff --git a/src/cookies.c b/src/cookies.c
index b70c3423d321f764f3819dbb90c3f1e448f7f848..0a02183976290f007d81f834fc1276fec42bba0f 100644 (file)
--- a/src/cookies.c
+++ b/src/cookies.c
@@ -418,9 +418,16 @@ update_cookie_field (struct cookie *cookie,
 #undef NAME_IS
 
 /* Returns non-zero for characters that are legal in the name of an
-   attribute.  */
-
-#define ATTR_NAME_CHAR(c) (ISALNUM (c) || (c) == '-' || (c) == '_')
+   attribute.  This used to allow only alphanumerics, '-', and '_',
+   but we need to be more lenient because a number of sites wants to
+   use weirder attribute names.  rfc2965 "informally specifies"
+   attribute name (token) as "a sequence of non-special, non-white
+   space characters".  So we allow everything except the stuff we know
+   could harm us.  */
+
+#define ATTR_NAME_CHAR(c) ((c) > 32 && (c) < 127       \
+                          && (c) != '"' && (c) != '='  \
+                          && (c) != ';' && (c) != ',')
 
 /* Fetch the next character without doing anything special if CH gets
    set to 0.  (The code executed next is expected to handle it.)  */