Merge pull request js-cookie#418 from carhartl/fix-getjson-accidentally-writing-cookie-with-too-many-arguments

carhartl · web-flow · commit 71859834c34a · 2018-04-13T08:09:31.000+02:00
Fix getJSON() accidentally writing cookie with too many arguments
diff --git a/README.md b/README.md
@@ -95,6 +95,16 @@ Read all visible cookies:
 Cookies.get(); // => { name: 'value' }
 ```
 
+*Note: It is not possible to read a particular cookie by passing one of the cookie attributes (which may or may not
+have been used when writing the cookie in question):*
+
+```javascript
+Cookies.get('foo', domain: { 'sub.example.com' }); // `domain` won't have any effect...!
+```
+
+The cookie with the name `foo` will only be available on `.get()` if it's visible from where the
+code is called; the domain and/or path attribute will not have an effect when reading.
+
 Delete cookie:
 
 ```javascript
diff --git a/src/js.cookie.js b/src/js.cookie.js
@@ -140,10 +140,10 @@
 		api.get = function (key) {
 			return api.call(api, key);
 		};
-		api.getJSON = function () {
-			return api.apply({
+		api.getJSON = function (key) {
+			return api.call({
 				json: true
-			}, arguments);
+			}, key);
 		};
 		api.remove = function (key, attributes) {
 			api(key, '', extend(attributes, {
diff --git a/test/tests.js b/test/tests.js
@@ -474,6 +474,11 @@ QUnit.test('Cookies with escaped quotes in json using raw converters', function
 	assert.strictEqual(Cookies.get('c'), '{ \\"foo\\": \\"bar\\" }', 'returns unparsed cookie with enclosing quotes removed');
 });
 
+QUnit.test('Prevent accidentally writing cookie when passing unexpected argument', function (assert) {
+	Cookies.getJSON('c', { foo: 'bar' });
+	assert.strictEqual(Cookies.get('c'), undefined, 'should not write any cookie');
+});
+
 QUnit.module('noConflict', lifecycle);
 
 QUnit.test('do not conflict with existent globals', function (assert) {
