Bug report

Bug description:

There are several issues with http.cookies.SimpleCookie.load() that deviate from current browser behavior:

1. Malformed cookies are not processed at all

Consider the cookie a=b;c=d\x09d;e=f. The e value contains \x09, which is not allowed per RFC 6265, Section 4.1.1.

When this is sent to a browser (Chrome 130), the browser processes all valid cookies and filters out invalid ones:

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=b;
Set-Cookie: c=d	d;
Set-Cookie: e=f

Resulting behavior:

> document.cookie
< 'a=b; e=f'

However, http.cookies.SimpleCookie.load() ignores the entire cookie string:

>>> from http import cookies
>>> C = cookies.SimpleCookie()
>>> C.load("a=b;c=d\x09d;e=f")
>>> C.output()
''

2. Malformed cookies are inconsistently processed

Consider the cookie a=b;c={"d":"e"};f=g. The c value is invalid per RFC 6265, Section 4.1.1.

Browsers process this cookie without an issue:

HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: a=b;
Set-Cookie: c={"d":"e"};
Set-Cookie: f=g

Resulting behavior:

> document.cookie
< 'a=b; c={"d":"e"}; f=g'

However, http.cookies.SimpleCookie.load() processes only the valid portion before the malformed cookie and stops entirely:

>>> from http import cookies
>>> C = cookies.SimpleCookie()
>>> C.load('a=b; c={"d":"e"}; f=g')
>>> C.output()
'Set-Cookie: a=b'

It seems we should ensure consistent handling by (a) processing all valid cookies and discarding only invalid ones, or
(b) rejecting the entire cookie string if any invalid cookie is present.

CPython versions tested on:

CPython main branch

Operating systems tested on:

No response