fix($cookie): use decodeURIComponent instead of unescape for cookie reading

the self.cookies method in $browser was using escape and unescape to handle the cookie name and value. These methods are deprecated and cause problems with some special characters (€). The method has been changed to use the replacement encodeURIComponent and decodeURIComponent. Closes #8125
2026-04-05 08:59:35 +08:00 · 2014-07-08 17:18:38 +01:00
parent d6876f2906
commit 1c9ab40d28
2 changed files with 10 additions and 6 deletions
--- a/src/ng/browser.js
+++ b/src/ng/browser.js
@@ -280,16 +280,15 @@ function Browser(window, document, $log, $sniffer) {
   * @returns {Object} Hash of all cookies (if called without any parameter)
   */
  self.cookies = function(name, value) {
-    /* global escape: false, unescape: false */
    var cookieLength, cookieArray, cookie, i, index;

    if (name) {
      if (value === undefined) {
-        rawDocument.cookie = escape(name) + "=;path=" + cookiePath +
+        rawDocument.cookie = encodeURIComponent(name) + "=;path=" + cookiePath +
                                ";expires=Thu, 01 Jan 1970 00:00:00 GMT";
      } else {
        if (isString(value)) {
-          cookieLength = (rawDocument.cookie = escape(name) + '=' + escape(value) +
+          cookieLength = (rawDocument.cookie = encodeURIComponent(name) + '=' + encodeURIComponent(value) +
                                ';path=' + cookiePath).length + 1;

          // per http://www.ietf.org/rfc/rfc2109.txt browser must allow at minimum:
@@ -313,12 +312,12 @@ function Browser(window, document, $log, $sniffer) {
          cookie = cookieArray[i];
          index = cookie.indexOf('=');
          if (index > 0) { //ignore nameless cookies
-            name = unescape(cookie.substring(0, index));
+            name = decodeURIComponent(cookie.substring(0, index));
            // the first value that is seen for a cookie is the most
            // specific one.  values for the same cookie name that
            // follow are for less specific paths.
            if (lastCookies[name] === undefined) {
-              lastCookies[name] = unescape(cookie.substring(index + 1));
+              lastCookies[name] = decodeURIComponent(cookie.substring(index + 1));
            }
          }
        }
--- a/test/ng/browserSpecs.js
+++ b/test/ng/browserSpecs.js
@@ -250,7 +250,7 @@ describe('browser', function() {
        var i, longVal = '', cookieStr;

        for(i=0; i<4083; i++) {
-          longVal += '+';
+          longVal += 'x';
        }

        cookieStr = document.cookie;
@@ -323,6 +323,11 @@ describe('browser', function() {
        expect(browser.cookies()[' cookie name ']).toEqual(' cookie value ');
        expect(browser.cookies()['cookie name']).not.toBeDefined();
      });
+
+      it('should unscape special characters in cookie values', function() {
+        document.cookie = 'cookie_name=cookie_value_%E2%82%AC';
+        expect(browser.cookies()['cookie_name']).toEqual('cookie_value_€');
+      });
    });