Re: [http-state] [httpstate] #11: Consider defining how to map a cookie-string into unicode

Adam Barth <ietf@adambarth.com> Fri, 12 March 2010 07:19 UTC

In-Reply-To: <op.u9f0ooh964w2qv@annevk-t60>
References: <062.544c0bb072716f6c8dcb113edd607a66@tools.ietf.org> <071.e0b5df3d3c55e1e3310622ce8f701733@tools.ietf.org> <op.u9f0ooh964w2qv@annevk-t60>
From: Adam Barth <ietf@adambarth.com>
Date: Thu, 11 Mar 2010 23:19:29 -0800
Message-ID: <5c4444771003112319n63706c95o56e56f09ac41d74b@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Cc: http-state@ietf.org
Subject: Re: [http-state] [httpstate] #11: Consider defining how to map a cookie-string into unicode

On Thu, Mar 11, 2010 at 11:06 PM, Anne van Kesteren <annevk@opera.com> wrote:
> On Thu, 11 Mar 2010 00:19:07 +0100, httpstate issue tracker
> <trac@tools.ietf.org> wrote:
>>
>> #11: Consider defining how to map a cookie-string into unicode
>>
>> --------------------------------+-------------------------------------------
>>  Reporter:  ietf@…              |        Owner:
>>     Type:  defect              |       Status:  closed
>>  Priority:  major               |    Milestone:
>> Component:  cookie              |      Version:
>>  Severity:  -                   |   Resolution:  fixed
>>  Keywords:                      |
>>
>> --------------------------------+-------------------------------------------
>> Changes (by ietf@…):
>>
>>  * status:  new => closed
>>  * resolution:  => fixed
>>
>>
>> Comment:
>>
>>  As discussed on the list:
>>
>>  The draft treats the cookie values as opaque octets throughout for use
>>  on the wire.  I've added a SHOULD-level requirement to use UTF-8 when
>>  converting the octets to characters (e.g., for use in the user agent's
>>  user interface).
>>
>>  Given that the encoding issue doesn't appear to affect
>>  interoperability on the wire, I think a SHOULD-level recommendation is
>>  appropriate here.  If specific APIs (e.g., document.cookie) have more
>>  specific needs, they can add additional requirements.
>
> FWIW, XMLHttpRequest inflates/deflates bytes for HTTP header values, i.e.,
> it uses ISO-8859-1 (not mapped to Windows-1252 in this specific instance).
> I would assume document.cookie behaves the same in most browsers...

As discussed earlier, some browsers apparently use UTF-8 for
document.cookie and others use ISO-8859-1:

http://github.com/abarth/http-state/blob/master/notes/2010-02-03-Julian-Reschke.txt
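
To make the difference concrete, here is a minimal Python sketch of the
two interpretations. It is not taken from any browser's implementation:
the sample cookie value and the helper names inflate/deflate are made up
for illustration, and "inflate" is assumed to mean mapping each octet to
the code point with the same value, which is what an ISO-8859-1 decode
does.

```python
# Hypothetical cookie value: "caf\u00e9" sent on the wire as UTF-8 octets.
raw = "caf\u00e9".encode("utf-8")  # b'caf\xc3\xa9'


def inflate(octets: bytes) -> str:
    """Map each octet to the code point of the same value (ISO-8859-1)."""
    return octets.decode("iso-8859-1")


def deflate(text: str) -> bytes:
    """Inverse of inflate; raises UnicodeEncodeError above U+00FF."""
    return text.encode("iso-8859-1")


# The same octets read two ways.
as_utf8 = raw.decode("utf-8")  # one character for the two octets C3 A9
as_latin1 = inflate(raw)       # two characters, U+00C3 and U+00A9

# Inflating never loses information: deflating restores the octets.
round_trip = deflate(as_latin1)

# Windows-1252 is a different mapping: octet 0x80 becomes U+20AC there,
# whereas plain inflation leaves it as U+0080.
euro_cp1252 = b"\x80".decode("cp1252")
c1_latin1 = inflate(b"\x80")
```

Because inflation is lossless, an API that inflates could still recover
UTF-8 text by deflating and decoding again, whereas a strict UTF-8
decode can fail on octets that are not valid UTF-8.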

Adam