Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regular Expressions #1

Open
Zegnat opened this issue Jul 11, 2012 · 1 comment
Open

Regular Expressions #1

Zegnat opened this issue Jul 11, 2012 · 1 comment

Comments

@Zegnat
Copy link

Zegnat commented Jul 11, 2012

It looks like you have taken the current RegExp for cookie values ([^;]+) from issue 7 on the original Google Project. The original poster there mentioned using RFC 2965. RFC 2965 does not allow cookie values to “contain any ASCII character except semicolon.” This is only true when the value is quoted ("value"), else it is very restrictive.

RFC 2965 is currently obsolete and superseded by RFC 6265. It defines exactly what characters are allowed in cookies, specifically in section 4.1.1, and makes the current RegExp completely wrong. The original RegExp by Haineault came closer, actually.

The main problem with only disallowing the semicolon (;), as you do, is that you allow all kinds of Unicode characters to be matched. Characters that should not be a part of a cookie value.

The official definition:

cookie-value      = *cookie-octet / ( DQUOTE *cookie-octet DQUOTE )
cookie-octet      = %x21 / %x23-2B / %x2D-3A / %x3C-5B / %x5D-7E
                      ; US-ASCII characters excluding CTLs,
                      ; whitespace DQUOTE, comma, semicolon,
                      ; and backslash

This can easily be converted to RegExp:

[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*|"[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*"

If you want to save 2 chars of your JavaScript you can use [!#$%&'()*+\-./0-9:<=>?@A-Z[\]^_a-z{|}~]instead of[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]`.

Test case

// According to RFC 6265:
/^("?)[!#$%&'()*+\-.\/0-9:<=>?@A-Z[\]^_`a-z{|}~]*\1$/.test('"H@l1o_th>re"') == TRUE
/^("?)[!#$%&'()*+\-.\/0-9:<=>?@A-Z[\]^_`a-z{|}~]*\1$/.test('"H@l1o_th>re') == FALSE
/^("?)[!#$%&'()*+\-.\/0-9:<=>?@A-Z[\]^_`a-z{|}~]*\1$/.test('H@l1o_th>re"') == FALSE
/^("?)[!#$%&'()*+\-.\/0-9:<=>?@A-Z[\]^_`a-z{|}~]*\1$/.test('H@l1o_th>re') == TRUE
/^("?)[!#$%&'()*+\-.\/0-9:<=>?@A-Z[\]^_`a-z{|}~]*\1$/.test('Üñîçødë') == FALSE
// Current RegExp:
/[^;]+($|;)/.test('"H@l1o_th>re"') == TRUE
/[^;]+($|;)/.test('"H@l1o_th>re') == TRUE
/[^;]+($|;)/.test('H@l1o_th>re"') == TRUE
/[^;]+($|;)/.test('H@l1o_th>re') == TRUE
/[^;]+($|;)/.test('Üñîçødë') == TRUE

Feature request

Could you check whether key is a valid value when doing .set()? Here is the RegExp:

[\x21\x23-\x27\x2A\x2B\x2D\x2E\x30-\x39\x41-\x5A\x5E-\x7A\x7C\x7E]+

Or if you don’t like the hex values:

[!#$%&'*+\-.0-9A-Z^_`a-z|~]+

I think it would be great to have a library independent script for managing cookies in an easy and correct way. This could be it, but it needs some maintenance done.
@findchris
Copy link
Owner

Thanks for your thoughtful comment. If you put this change into a pull request, I'll merge it in as it seems to be a straightforward and logical request.

Cheers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@findchris @Zegnat