Improve [trusted-]set-cookie scriptlets

As per RFC 6265 the characters ", should be encoded but apparently browsers don't care. Remove them from the set of characters which presence trigger encoding. Related feedback: uBlockOrigin/uBlock-issues#3178 (comment)
gorhill · Apr 1, 2024 · 49ff7cf · 49ff7cf
1 parent 08aa3eb
commit 49ff7cf
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/assets/resources/scriptlets.js b/assets/resources/scriptlets.js
@@ -975,7 +975,9 @@ function setCookieFn(
         name = encodeURIComponent(name);
     }
     // https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
-    if ( /[^!#-+\--:<-[\]-~]/.test(value) ) {
+    // The characters [",] are given a pass from the RFC requirements because
+    // apparently browsers do not follow the RFC to the letter.
+    if ( /[^!-:<-[\]-~]/.test(value) ) {
         value = encodeURIComponent(value);
     }