Comments (5)
Just if anybody else finds this discussion while searching for an answer like I did:
Cookies are passed to the server as a HTTP header:
Cookie: name1=value1; name2=value2
Obviously, value1 is not allowed to contain a ;
There are also other problematic characters.
The fact is that cookies are fundamentally hampered by the lack of encoding. You have to choose an encoding and use it both in the browser and on the server.
MDN recommends encodeURIComponent: https://developer.mozilla.org/en-US/docs/Web/API/document.cookie
from jquery-cookie.
Reason to use encodeURIComponent
/ decodeURIComponent
was that escape
/ unescape
is deprecated.
Apart from that I haven't yet understood what the problem is here. The cookie value runs through decodeURIComponent before it is returned; thus, unless I am missing something, it should be exactly the same as what it was when passed into the cookie. Could you please post a gist or something to illustrate the issue?
Last not least you can use the raw
option to bypass encoding in the first place.
from jquery-cookie.
You are right about it being deprecated. Probably encodeURI() is what is really needed instead of encodeURIComponent().
Here's the problem in a nutshell: Your code works only if the cookie is being created and consumed via your plugin. If you create a cookie with your plugin and then try to read it from a php or java app, that app has to know that the cookie is encoded with encodeURIComponent() and should be urldecoded() on the backend.
The main place this causes a problem is when you put a URL or URI in a cookie. Let's say I want to put "/foo" in a cookie. EncodeURIComponent() gives me the unusable pathname "%2Ffoo" while encodeURI() gives me "/foo" which is directly consumable by any backend system or anyone else using the cookie without your plugin.
The advantage of encode() here is actually that if you have a semicolon in your cookie value, it gets escaped out. encodeURI() doesn't escape the semicolon, so you will have to add some code to handle that on top of the use of encodeURI().
Raw is OK, but I'm assuming maybe you added that because people had issues with the encoding. If you use encodeURI(), then you probably don't need it anymore.
from jquery-cookie.
Reason I cannot use encodeURI
:
encodeURI('foo;bar') == "foo;bar"
But:
encodeURIComponent('foo;bar') == "foo%3Bbar"
The latter is the behavior we want.
raw
was in fact added to account for playing nice with a server.
from jquery-cookie.
I'm curious as to why you want that behaviour? Struggling to find an answer elsewhere http://stackoverflow.com/questions/5743119/why-use-encodeuricomponent-when-writing-json-to-a-cookie
from jquery-cookie.
Related Issues (20)
- If the cookie time is up, then the cookie value is what? undefind or null? HOT 1
- Line Break HOT 1
- Line Break HOT 9
- Request - version bump on js files or revert master HOT 12
- [NuGet] Align naming convention between minified and base .js files in package HOT 2
- $.removeCookie is not deleting cookie in Chrome HOT 13
- A Session Cookie not working HOT 8
- Cookies deleted when page open without query parameters HOT 2
- $.removeCookie is not a recognized on Chrome HOT 7
- Cookie gets restored magically after some time HOT 7
- Disable issues? HOT 2
- Escape # char
- Cookie not set in IE10 HOT 1
- Do not create an issue here! HOT 3
- Bower crashing if using jquery-cookie 1.4.1 HOT 2
- Unable to install using Bower HOT 6
- Fail update cookie? HOT 2
- jquery cookie support for http flag true HOT 2
- Cookie Https HOT 2
- suggestion: add function for parse signedcookies in next rev HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jquery-cookie.