Anomaly identified by the detector. Please review whether this anomaly corresponds to a misuse.
Finding:
finding-18
In File:
org/w3c/www/http/HttpCookieList.java
In Method:
parse()
Code with Finding:
class HttpCookieList {
/**
* parse the Cookie Header according to the Netscape Specification:
* http://www.netscape.com/newsref/std/cookie_spec.html
* @exception HttpParserException if parsing failed.
*/
protected void parse()
throws HttpParserException
{
ParseState cv = new ParseState(roff, rlen);
ParseState it = new ParseState(0, 0);
cv.separator = (byte) ';';
cv.spaceIsSep = false;
it.separator = (byte) '=';
while ( HttpParser.nextItem(raw, cv) >= 0 ) {
it.ioff = cv.start;
it.bufend = cv.end;
if ( HttpParser.nextItem(raw, it) < 0 )
error("Invalid item in cookie value.");
String item = it.toString(raw);
if (item.charAt(0) == '$')
continue;
HttpCookie c = new HttpCookie();
// Get the item's value:
it.prepare();
if ( HttpParser.nextItem(raw, it) < 0 ) {
// if the cookie has no value, simply give it an empty
// value. The cookie spec does not say whether valueless
// cookies are not allowed and to simply set it to a blank
// string seems to be the most robust behavior because
// javascripting in browsers can set valueless cookies.
c.setValue("");
} else {
c.setValue(it.toString(raw));
}
c.setName(item);
cookies.addElement(c);
}
}
}
