Deal with non-UTF-8 cookies
I think I raised this before, but I don't really see text about it in the specification. If you limit yourself to UTF-8, you need to deal with cookies that do not decode as UTF-8, presumably by dropping them as Chrome appears to do for document.cookie. That should be specified somehow.
I think that means cookies need to use "UTF-8 decode without BOM or fail" from Encoding.
Ideally the way this would be specified is by sharing logic with document.cookie, FWIW. (Something I also raised before.)
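An added illustration of the behavior discussed above (not part of the thread and not text from any specification): `TextDecoder` with `fatal: true` and `ignoreBOM: true` behaves like Encoding's "UTF-8 decode without BOM or fail", and each cookie whose bytes fail to decode is dropped. The helper names, the byte-level split on `;`, and the sample header bytes are constructed assumptions.

```javascript
// "UTF-8 decode without BOM or fail":
//   fatal: true     -> an invalid byte sequence throws instead of becoming U+FFFD
//   ignoreBOM: true -> a leading EF BB BF is kept as U+FEFF rather than stripped
// Returns the decoded string, or null where the algorithm returns failure.
function utf8DecodeWithoutBomOrFail(bytes) {
  try {
    return new TextDecoder("utf-8", { fatal: true, ignoreBOM: true }).decode(bytes);
  } catch {
    return null;
  }
}

// Hypothetical helper: split a raw cookie-string on ';' at the byte level and
// keep only the name=value pairs that decode. Undecodable pairs are dropped
// individually, so one bad cookie does not hide the others.
function decodableCookies(raw) {
  const kept = [];
  let start = 0;
  for (let i = 0; i <= raw.length; i++) {
    if (i === raw.length || raw[i] === 0x3b) {
      // Skip leading spaces as bytes; String.prototype.trim() would also
      // remove U+FEFF and mask the "without BOM" behavior.
      while (start < i && raw[start] === 0x20) start++;
      const text = utf8DecodeWithoutBomOrFail(raw.subarray(start, i));
      if (text !== null && text !== "") kept.push(text);
      start = i + 1;
    }
  }
  return kept;
}

// Constructed sample bytes: a plain ASCII cookie, a Latin-1 "é" (0xE9, not
// valid UTF-8), a valid UTF-8 "ü" (0xC3 0xBC), and a pair starting with a BOM.
const sampleHeader = Uint8Array.from(
  "sid=abc; name=caf\xE9; city=Z\xC3\xBCrich; \xEF\xBB\xBFk=v",
  (c) => c.charCodeAt(0)
);

console.log(decodableCookies(sampleHeader));
```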
Thanks and +1. @bsittler did substantial investigation into cross-browser and API/header behavior with encoding, but I'm not sure that research was retained, and it was definitely not reflected in the spec.
We should audit test coverage and get coverage/spec updates.
(Sharing w/ HTML also SGTM. PRs/concrete suggestions welcome!)