URI-escape cookies (addresses external issue 4365).
Review by: rice
git-svn-id: https://google-web-toolkit.googlecode.com/svn/trunk@7354 8db76d5a-ed1c-0410-87a9-c151d255dfc7
diff --git a/user/src/com/google/gwt/user/client/Cookies.java b/user/src/com/google/gwt/user/client/Cookies.java
index fd114c9..f564b26 100644
--- a/user/src/com/google/gwt/user/client/Cookies.java
+++ b/user/src/com/google/gwt/user/client/Cookies.java
@@ -110,7 +110,7 @@
*/
public static void removeCookie(String name) {
if (uriEncoding) {
- uriEncode(name);
+ name = uriEncode(name);
}
removeCookieNative(name);
}
@@ -124,7 +124,7 @@
*/
public static void removeCookie(String name, String path) {
if (uriEncoding) {
- uriEncode(name);
+ name = uriEncode(name);
}
removeCookieNative(name, path);
}
@@ -174,10 +174,12 @@
public static void setCookie(String name, String value, Date expires,
String domain, String path, boolean secure) {
if (uriEncoding) {
- uriEncode(name);
- uriEncode(value);
- } else if (!isValidCookieName(name) || !isValidCookieValue(value)) {
- throw new IllegalArgumentException("Illegal cookie format.");
+ name = uriEncode(name);
+ value = uriEncode(value);
+ } else if (!isValidCookieName(name)) {
+ throw new IllegalArgumentException("Illegal cookie format: " + name + " is not a valid cookie name.");
+ } else if (!isValidCookieValue(value)) {
+ throw new IllegalArgumentException("Illegal cookie format: " + value + " is not a valid cookie value.");
}
setCookieImpl(name, value, (expires == null) ? 0 : expires.getTime(),
domain, path, secure);
diff --git a/user/test/com/google/gwt/user/client/CookieTest.java b/user/test/com/google/gwt/user/client/CookieTest.java
index 5e36c3b..3724808 100644
--- a/user/test/com/google/gwt/user/client/CookieTest.java
+++ b/user/test/com/google/gwt/user/client/CookieTest.java
@@ -151,7 +151,25 @@
Cookies.removeCookie("test1+test1");
cookies = Cookies.getCookieNames();
assertEquals(curCount, cookies.size());
+
+ // Make sure cookie names are URI encoded
+ Cookies.setUriEncode(true);
+ Cookies.setCookie("test1.,/?:@&=+$#", "value1");
+ assertEquals(curCount + 1, Cookies.getCookieNames().size());
+ Cookies.setUriEncode(false);
+ Cookies.removeCookie("test1.,/?:@&=+$#");
+ assertEquals(curCount + 1, Cookies.getCookieNames().size());
+ Cookies.setUriEncode(true);
+ Cookies.removeCookie("test1.,/?:@&=+$#");
+ assertEquals(curCount, Cookies.getCookieNames().size());
+ // Make sure cookie values are URI encoded
+ Cookies.setUriEncode(true);
+ Cookies.setCookie("testencodedvalue", "value1,/?:@&=+$#");
+ Cookies.setUriEncode(false);
+ String encodedValue = Cookies.getCookie("testencodedvalue");
+ assertTrue(encodedValue.compareTo("value1%2C%2F%3F%3A%40%26%3D%2B%24%23") == 0);
+
// Make sure unencoded cookies with bogus format are not added
try {
Cookies.setCookie("test1=test1", "value1");
