Re: [PATCH] url: Wrap cookie headers in url-http--encode-string.

[Eli Zaretskii]

> From: Alain Schneble <address@hidden>
> CC: <address@hidden>, <address@hidden>, <address@hidden>,
>       <address@hidden>
> Date: Fri, 9 Sep 2016 21:21:18 +0200
> 
> >> 2. The reason why it crashes in this example is not because the cookie
> >>    contains some non-ascii characters but because the ascii-only
> >>    cookie-value gets converted into a multibyte string internally.
> >
> > Of course, that part is clear.  ASCII strings can be either unibyte or
> > multibyte, depending on how they were produced.
> 
> I was not fully aware of the details how and when that happens, sorry.

If you just generate an ASCII string from ASCII characters, it will
usually be unibyte.  If you take it as a substring from a multibyte
buffer, it will usually be multibyte.

> > But why did you think this was worth mentioning?  How does it help us
> > find the proper solution?
> 
> Just because the question was raised in this thread whether or not a
> cookie-value can or will ever contain any non-ascii characters.  And I
> think we still do not have any strong evidence that any server out there
> really uses non-ascii characters on purpose.

That's not the issue.  The issue is whether a cookie-value can
legitimately have non-ASCII characters.  If it can, then we must
_encode_ the cookie-value, as that is the only correct way of getting
a unibyte string from non-ASCII characters.  And you pointed to an RFC
that seems to say non-ASCII characters in cookies are possible.