Opened 11 years ago
Closed 11 years ago
#19641 closed Bug (invalid)
Cookie encoding inconsistency
| Reported by: | kirpit | Owned by: | nobody |
|---|---|---|---|
| Component: | HTTP handling | Version: | 1.4 |
| Severity: | Release blocker | Keywords: | cookie, encoding |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Django is encoding cookie values and if, only if any of its value is encoded, wrapping the entire value within double quotes.
django/http/__init__.py starts from the line #84 (for 1.4.3):
# If encoded now contains any quoted chars, we need double quotes # around the whole string. if "\\" in encoded and not encoded.startswith('"'): encoded = '"' + encoded + '"'
That means, the value hello will be stored as hello but hello world will be stored as "hello world".
I believe this is totally inconsistent and difficult to handle from client side. For example, you simply cannot use jquery.cookie to get the exact value without writing some double quotes checking javascript code.
If you use jquery.cookie with its default values ($.cookie.raw = false; and $.cookie.json = false;) you get the server-side set value with double quotes around it (as in var value = '"hello world"';)
If you use it with $.cookie.json = true;, you get the double quoted values fine (as in var value = "hello world";) but you get syntax error (for hello) because it is trying JSON.parse('hello'), which is not a valid JSON string.
Actually, This seems to be a problem of that jquery.cookie library you are using: https://github.com/carhartl/jquery-cookie/pull/57