parseCookie: Support for stripping double quotes escapes.
dostiharise opened this issue · comments
The parseCookie snippet doesn't support cookie parameter values that are escaped using a double quote "
Example:
The header Set-Cookie: who-are-you="i-am-a-cookie"; Path=/
results in Cookie Name who-are-you
and Cookie Value as "i-am-a-cookie"
.
When you read the cookie value, you may want to strip away the double-quote "
from "i-am-a-cookie"
and return i-am-a-cookie
.
Refer here:
I would like to do this.
Great! @CreaTorAlexander you could raise a pull request. I can help review & validate your PR.
cc: @Chalarangelo, @fejes713
So shall I just use the same example but with double quotes? Or ist there something else I have to think about?
I think editing the same snippet with necessary comments will help.
Once you have a PR, the maintainers will hopefully review and give you comments to improve.
Let's be ready to do multiple iterations. 🙂
I would add the necessary code that would strip away double quotes on left and right from the before decodeURIComponent
is called and not after.
Now that I think about it I am not sure if decodeURIComponent
is the right solution.
Because the decode must actually take place inside the app logic, and the cookie parsing value must be treated as is.
🤔
Example:
If the cookie is who-i-am="%22Glitch%20in%20the%20Matrix%20"
then I think the cookie value must be parsed as %22Glitch%20in%20the%20Matrix%20
.
And the application logic consuming the value must take care of the decodeURIComponent
.
The reason is many times you don't control the server side API, and the client logic must be able to parse a Cookie value as is, and method consuming the value could take care of decoding.
I may be wrong here, though. 🙂
For now let's just strip the double quote.
Are leading empty spaces are possible in Cookie Values?
who-are-you= "i-am-a-cookie"
No. Spaces are not allowed.
You can refer here: HTTP Cookie.
Ok well, ty
This issue is invalid. Cookie values should be parsed as-is and it's upon the developer to handle anything after that. The snippet does what it says on the box - parses the cookie. Edge-cases and additional handling is out of scope.