Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Ignore escape error and return original value better than throw the error #8
I don't agree throw 400 response when cookie parse error.
Most normal user don't know how to clean up the browser cookies.
If their cookies was modified by accident, they will always got the 400 response.
I think return the original value is better than throw the escape error.
I also think that this module should return the original cookie value and leave it up to higher level frameworks to decide on the action.
As for the pull request, I don't think you should have the try/catch over encode and would lean towards having the try/catch for decode at the call site and not in the decode function.
Did you actually encounter this error in a production system with that character code? I guess I am just trying to get a sense of why these invalid codes are showing up (especially on the outgoing end where you should be the one controlling the cookie values).
In this case I would actually be in favor of having the exception happen since you are using an invalid code point (as far as my quick googling shows) maybe that is not the case.
For incoming values, I do think it would be good to go ahead and pass those along if decoding fails. I don't agree about outgoing. In my mind I think this actually indicates some other failure you should be aware of and look into. I think the encoding example is contrived but am happy to be proven wrong by an actual use case :)
added a commit
this pull request
Oct 29, 2012
And there many other applications and shops hosting on "xxx.taobao.com", we can't stop them add the messed up cookies on ".taobao.com". If anyone do that, it will cause our "shu" web application response error page to the user.
This comment has been minimized.
This comment has been minimized.Show comment Hide comment
this is the answer why encodeURIComponent crash http://stackoverflow.com/questions/16868415/encodeuricomponent-throws-an-exception