gh-92936: allow double quote in cookie values (#113663)

nburns · orsenthil · web-flow · commit d7dbde895884 · 2025-08-08T12:07:15.000-07:00
* allow double quote in cookie values
* Update Lib/test/test_http_cookies.py

Co-authored-by: Senthil Kumaran &lt;senthil@python.org&gt;
diff --git a/Lib/http/cookies.py b/Lib/http/cookies.py
@@ -426,7 +426,7 @@ def OutputString(self, attrs=None):
     (                              # Optional group: there may not be a value.
     \s*=\s*                          # Equal Sign
     (?P<val>                         # Start of group 'val'
-    "(?:[^\\"]|\\.)*"                  # Any double-quoted string
+    "(?:\\"|.)*?"                    # Any double-quoted string
     |                                  # or
     # Special case for "expires" attr
     (\w{3,6}day|\w{3}),\s              # Day of the week or abbreviated day
diff --git a/Lib/test/test_http_cookies.py b/Lib/test/test_http_cookies.py
@@ -48,6 +48,29 @@ def test_basic(self):
                     'Set-Cookie: d=r',
                     'Set-Cookie: f=h'
                 ))
+            },
+
+            # gh-92936: allow double quote in cookie values
+            {
+                'data': 'cookie="{"key": "value"}"',
+                'dict': {'cookie': '{"key": "value"}'},
+                'repr': "<SimpleCookie: cookie='{\"key\": \"value\"}'>",
+                'output': 'Set-Cookie: cookie="{"key": "value"}"',
+            },
+            {
+                'data': 'key="some value; surrounded by quotes"',
+                'dict': {'key': 'some value; surrounded by quotes'},
+                'repr': "<SimpleCookie: key='some value; surrounded by quotes'>",
+                'output': 'Set-Cookie: key="some value; surrounded by quotes"',
+            },
+            {
+                'data': 'session="user123"; preferences="{"theme": "dark"}"',
+                'dict': {'session': 'user123', 'preferences': '{"theme": "dark"}'},
+                'repr': "<SimpleCookie: preferences='{\"theme\": \"dark\"}' session='user123'>",
+                'output': '\n'.join((
+                    'Set-Cookie: preferences="{"theme": "dark"}"',
+                    'Set-Cookie: session="user123"',
+                ))
             }
         ]
 
diff --git a/Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst b/Misc/NEWS.d/next/Library/2025-08-08-21-20-14.gh-issue-92936.rOgG1S.rst
@@ -0,0 +1,2 @@
+Update regex used by ``http.cookies.SimpleCookie`` to handle values containing
+double quotes.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	+Update regex used by ``http.cookies.SimpleCookie`` to handle values containing
	`2`	`+double quotes.`