Code

#19641 closed Bug (invalid)

Cookie encoding inconsistency

Reported by: kirpit Owned by: nobody
Component: HTTP handling Version: 1.4
Severity: Release blocker Keywords: cookie, encoding
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Django is encoding cookie values and if, only if any of its value is encoded, wrapping the entire value within double quotes.

django/http/__init__.py starts from the line #84 (for 1.4.3):

# If encoded now contains any quoted chars, we need double quotes
# around the whole string.
if "\\" in encoded and not encoded.startswith('"'):
  encoded = '"' + encoded + '"'

That means, the value hello will be stored as hello but hello world will be stored as "hello world".

I believe this is totally inconsistent and difficult to handle from client side. For example, you simply cannot use jquery.cookie to get the exact value without writing some double quotes checking javascript code.

If you use jquery.cookie with its default values ($.cookie.raw = false; and $.cookie.json = false;) you get the server-side set value with double quotes around it (as in var value = '"hello world"';)

If you use it with $.cookie.json = true;, you get the double quoted values fine (as in var value = "hello world";) but you get syntax error (for hello) because it is trying JSON.parse('hello'), which is not a valid JSON string.

Attachments (0)

Change History (1)

comment:1 Changed 18 months ago by ramiro

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to invalid
  • Status changed from new to closed

Actually, This seems to be a problem of that jquery.cookie library you are using: https://github.com/carhartl/jquery-cookie/pull/57

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.