Closed Bug 282319 Opened 20 years ago Closed 20 years ago

non-ASCII Cookies set by server are not read correctly by javascript

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: mail, Assigned: darin.moz)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

When a non-ASCII cookie value is set by server Set-Cookie header it is stored as
plain text and is always sent back to the server as plain text. When a national
charset is supplied there is no problem for server to set/read cookies. But if a
cookie value is read with javascript it is read in ISO-8859-1 resulting in
incorrect values. See screenshot:
http://forum.ixbt.com/post.cgi?id=attach:5:3946:0:1

There is no problem when cookie is both set and read by javascript as it is
saved encoded like %u041D%u0435%u0439%u0442%u0440%u043E%u043D

Reproducible: Always

Steps to Reproduce:
1. Set plain non-ASCII cookie value by server with HTTP header Set-Cookie such as
print qq(Set-Cookie: user=русский; path=/\n);
print qq(Content-type: text/html; charset=windows-1251\n\n);
2. Read the value with javascript document.cookie

Actual Results:  
reads windows-1251 value as ISO-8859-1
reads Нейтрон as Íåéòðîí

Expected Results:  
read windows-1251 as windows-1251 value as specified by server header
Content-type: text/html; charset=windows-1251

See http://forum.ixbt.com/0005/003946.html (russian)
HTTP Headers are ASCII only.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
hm, it seems that they are rather ISO-8859-1 only.
see RFC 2616, 2.2:
                                                                Words
   of *TEXT MAY contain characters from character sets other than ISO-
   8859-1 [22] only when encoded according to the rules of RFC 2047
   [14].

with 4.8:
       message-header = field-name ":" [ field-value ]
       field-value    = *( field-content | LWS )
       field-content  = <the OCTETs making up the field-value
                        and consisting of either *TEXT or combinations
                        of token, separators, and quoted-string>
You need to log in before you can comment on or make changes to this bug.