Handle RFC 2068 quoted cookie values properly, closes carhartl#57

carhartl · carhartl · commit ff9dfc634e91 · 2013-01-23T12:59:39.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,8 @@ HEAD
 - Removing licensing under GPL Version 2, the plugin is now released under MIT License only
 (following the jQuery library itself here).
 
+- Properly handle RFC 2068 quoted cookie values.
+
 1.2.0
 -----
 - Adding `$.removeCookie('foo')` for deleting a cookie, using `$.cookie('foo', null)` is now deprecated.
diff --git a/jquery.cookie.js b/jquery.cookie.js
@@ -14,8 +14,16 @@
 	}
 
 	function decoded(s) {
-		return decodeURIComponent(s.replace(pluses, ' '));
+		return unRfc2068(decodeURIComponent(s.replace(pluses, ' ')));
 	}
+	
+	function unRfc2068(value) {
+		if (value.indexOf('"') === 0) {
+			// This is a quoted cookie as according to RFC2068, unescape
+			value = value.slice(1, -1).replace('\\"', '"').replace('\\\\', '\\');
+		}
+		return value;
+	};
 
 	var config = $.cookie = function (key, value, options) {
 
diff --git a/test.js b/test.js
@@ -33,6 +33,12 @@ test('not existing', function () {
 	equal($.cookie('whatever'), null, 'should return null');
 });
 
+test('rfc2068 quoted string', function () {
+	expect(1);
+	document.cookie = 'c="v@address.com\\"\\\\"';
+	equal($.cookie('c'), 'v@address.com"\\', 'should decode rfc2068 quoted string');
+});
+
 test('decode', function () {
 	expect(1);
 	document.cookie = encodeURIComponent(' c') + '=' + encodeURIComponent(' v');
