Improve `[trusted-]set-cookie` scriptlets

As per RFC 6265 the characters ", should be encoded but apparently
browsers don't care. Remove them from the set of characters which
presence trigger encoding.

Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/issues/3178#issuecomment-2029622321
This commit is contained in:
Raymond Hill 2024-04-01 08:23:10 -04:00
parent 08aa3ebe10
commit 49ff7cffb1
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 3 additions and 1 deletions

View File

@ -975,7 +975,9 @@ function setCookieFn(
name = encodeURIComponent(name);
}
// https://datatracker.ietf.org/doc/html/rfc6265#section-4.1.1
if ( /[^!#-+\--:<-[\]-~]/.test(value) ) {
// The characters [",] are given a pass from the RFC requirements because
// apparently browsers do not follow the RFC to the letter.
if ( /[^!-:<-[\]-~]/.test(value) ) {
value = encodeURIComponent(value);
}