Chalarangelo/30-seconds-of-code

cookie parsing containing a `=` in value

cmgchess opened this issue · 5 comments

```js
const parseCookie = (str) =>
  str
    .split(';')
    .map((v) => {
      const equalSignIndex = v.indexOf('=');
      const name = v.substr(0, equalSignIndex).trim();
      const value = v.substr(equalSignIndex + 1).trim();
      return [name, value];
    })
    .reduce((acc, [name, value]) => {
      acc[decodeURIComponent(name)] = decodeURIComponent(value);
      return acc;
    }, {});
```

```js
const parseCookie = str =>
  str
    .split(/;\s(?![^=]+=[^=]+)/) // Split only on semicolons followed by a space, not preceded by an equal sign
    .map(v => v.split('='))
    .reduce((acc, v) => {
      acc[decodeURIComponent(v[0].trim())] = decodeURIComponent(v[1].trim());
      return acc;
    }, {});
```


```js
console.log(parseCookie('foo=bar; equation=E%3Dmc%5E2'))
//{ foo: "bar; equation" }
```

To avoid this problem, you should encode any `=` characters in cookie values using the `encodeURIComponent()` function.

```js
document.cookie = `foo=${encodeURIComponent('foo=bar')}`;
```

Thanks for opening an issue about this. As shown in the example below the code, if properly encoded, `=` is not going to be a problem. `parseCookie` is meant to be used in combination with `serializeCookie`, explaining the "correct" way to store and retrieve cookie values.
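The round trip discussed in this thread, as an added example that is not code from any participant or from the project: values are percent-encoded on write, and the parser splits each pair on the first `=` only, so it also survives a raw `=` or a malformed escape in a cookie it did not write. The names `serializeCookiePair`, `safeDecode` and `parseCookieHeader` are hypothetical, and keeping the first of two duplicate names is an assumption of this example.

```javascript
// Added example; names below are hypothetical, not the project's snippets.

// Percent-encode both sides so '=', ';' and spaces never appear raw.
const serializeCookiePair = (name, value) =>
  `${encodeURIComponent(name)}=${encodeURIComponent(value)}`;

// decodeURIComponent throws URIError on malformed escapes such as '%E0%A4%A';
// fall back to the raw text instead of failing the whole parse.
const safeDecode = (s) => {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
};

const parseCookieHeader = (header) => {
  // Null-prototype object: names like 'toString' or '__proto__' are plain keys.
  const jar = Object.create(null);
  for (const pair of header.split(';')) {
    const idx = pair.indexOf('='); // first '=' separates name from value
    if (idx === -1) continue; // no '=' at all: not a name=value pair, skip
    const name = safeDecode(pair.slice(0, idx).trim());
    const value = safeDecode(pair.slice(idx + 1).trim());
    // Keep the first occurrence of a duplicated name (assumption of this example).
    if (!(name in jar)) jar[name] = value;
  }
  return jar;
};

// Constructed sample input.
const header = [
  serializeCookiePair('foo', 'bar'),
  serializeCookiePair('equation', 'E=mc^2'),
  'token=abc==', // raw, unencoded '=' padding in the value
  'broken=%E0%A4%A', // malformed percent-encoding
].join('; ');

const cookies = parseCookieHeader(header);
console.log(cookies);
```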