Cookie keys are not encoded in a way that is compliant with RFC6265

ScottHamper / Cookies

JavaScript Client-Side Cookie Manipulation Library

The Unlicense

1.77k stars 169 forks source link

Cookie keys are not encoded in a way that is compliant with RFC6265 #18

Closed ScottHamper closed 10 years ago

ScottHamper commented 10 years ago

See Issue 17 for background.

encodeURIComponent is currently being used to encode cookie keys. However, this function escapes some characters that are allowed to be in a cookie key, and does not escape some characters that are not allowed to be in a cookie key, as defined by RFC6265.

gziolo commented 10 years ago

I think I have similar issue when trying to get key from cookie:

URIError: malformed URI sequence Cookies._getKeyValuePairFromCookieString()main_c...s_17.js (wiersz 111) Cookies._getCookieObjectFromString()main_c...s_17.js (wiersz 92) Cookies._renewCache()main_c...s_17.js (wiersz 116) Cookies.get()main_c...s_17.js (wiersz 27)

I will try to find cookie string that causes issue.

ScottHamper commented 10 years ago

Grzegorz, Your error is likely due to a cookie value being encoded in something other than UTF-8.

See Issue #22

gziolo commented 10 years ago

This time issue was caused by %uFFFD sequence which is the Unicode Replacement Character. This indicates that a given character value cannot be correctly encoded in Unicode.

I solved issue by updating Cookies._getKeyValuePairFromCookieString

with following bits of code: value: decodeURIComponent(cookieString.substr(separatorIndex + 1).replace(/%uFFFD/gi, ''))