{
    "Selected_candidate": {
        "pr_number": 13800,
        "pr_title": "Fixed #32191 -- Made CookieStorage use RFC 6265 compliant format.",
        "pr_body": "Continues work by Florian Apolloner in this [PR](https://github.com/django/django/pull/13793).\r\nThe aim is to make messages, when stored in cookies, compliant with RFC6265 which defines allowed characters for cookies. It does this by base64 encoding them, and then to reduce their size, it compresses them using zlib.\r\nThis fix is achieved by introducing `sign_object` and `unsign_object` into the base signer class.",
        "issue_id": 32191,
        "issue_title": "Not RFC 6265 compliant cookies in contrib.messages.",
        "issue_body": "Hi\nA Customer of mine is using a WAF which is handling Cookies as it is described tin the RFC:\n​\nhttps://tools.ietf.org/html/rfc6265\nThe issue now is that Django is trying to use an escape-character in cookie-Values which is not supported in the RFC\nan example of such a cookie:\nmessages=\\\"123\\\\\\\"NOTRECEIVED\\\"\"\nPlease consider to get this fixed so there can be a protection of this system.\nRegards,\nNico",
        "issue_closed_at": "2021-01-07T06:20:56",
        "base_commit": "3eb98743dcaa0b7abd2d5832cba8cc9cb586a964",
        "changes": [
            {
                "file": "django/contrib/messages/storage/cookie.py",
                "type": "class",
                "name": "MessageEncoder",
                "code": "class MessageEncoder(json.JSONEncoder):\n    \"\"\"\n    Compactly serialize instances of the ``Message`` class as JSON.\n    \"\"\"\n    message_key = '__json_message'\n\n    def __init__(self, *args, **kwargs):\n        kwargs.setdefault('separators', (',', ':'))\n        super().__init__(*args, **kwargs)\n\n    def default(self, obj):\n        if isinstance(obj, Message):\n            # Using 0/1 here instead of False/True to produce more compact json\n            is_safedata = 1 if isinstance(obj.message, SafeData) else 0\n            message = [self.message_key, is_safedata, obj.level, obj.message]\n            if obj.extra_tags:\n                message.append(obj.extra_tags)\n            return message\n        return super().default(obj)"
            },
            {
                "file": "django/contrib/messages/storage/cookie.py",
                "type": "function",
                "name": "decode",
                "class_name": "MessageDecoder",
                "code": "def decode(self, s, **kwargs):\n        decoded = super().decode(s, **kwargs)\n        return self.process_messages(decoded)"
            },
            {
                "file": "django/contrib/messages/storage/cookie.py",
                "type": "function",
                "name": "_encode",
                "class_name": "CookieStorage",
                "code": "def _encode(self, messages, encode_empty=False):\n        \"\"\"\n        Return an encoded version of the messages list which can be stored as\n        plain text.\n\n        Since the data will be retrieved from the client-side, the encoded data\n        also contains a hash to ensure that the data was not tampered with.\n        \"\"\"\n        if messages or encode_empty:\n            encoder = MessageEncoder()\n            value = encoder.encode(messages)\n            return self.signer.sign(value)"
            },
            {
                "file": "django/contrib/messages/storage/cookie.py",
                "type": "function",
                "name": "_decode",
                "class_name": "CookieStorage",
                "code": "def _decode(self, data):\n        \"\"\"\n        Safely decode an encoded text stream back into a list of messages.\n\n        If the encoded text stream contained an invalid hash or was in an\n        invalid format, return None.\n        \"\"\"\n        if not data:\n            return None\n        try:\n            decoded = self.signer.unsign(data)\n        except signing.BadSignature:\n            # RemovedInDjango40Warning: when the deprecation ends, replace\n            # with:\n            #   decoded = None.\n            decoded = self._legacy_decode(data)\n        if decoded:\n            try:\n                return json.loads(decoded, cls=MessageDecoder)\n            except json.JSONDecodeError:\n                pass\n        # Mark the data as used (so it gets removed) since something was wrong\n        # with the data.\n        self.used = True\n        return None"
            }
        ]
    },
    "Justification": "Candidate D is the most helpful because it is closely related to the Django messages framework, just as the CURRENT bug report is. Both involve issues with message handling, and specifically, Candidate D addresses problems with cookie storage for messages, which could provide insights into serialization and deserialization processes relevant to the CURRENT bug. The structural and component similarities between handling cookies and extra tags in messages make Candidate D particularly relevant in debugging potential issues stemming from message serialization complexities, thus aiding the resolution of the CURRENT bug."
}