Cookies.js uses deprecated escape and unescape functions

[Jaifroid]

You can see the use of these in cookies.js here: https://github.com/kiwix/kiwix-js/blob/master/www/js/lib/cookies.js#L26

See the big red warning sign regarding escape-unescape on https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/escape .

This is causing me some problems with UTF-8 characters in document titles in an experimental branch where I encode the last-visited page title in a cookie. It seems that escape-unescape are pre-UTF8 era, and we should use encodeURIComponent and decodeURIComponent instead where we are not using simple ASCII.

We don't need a framework for our limited handling of cookies. because it's very easy to get and set them without a framework, since a) we set the values ourselves, so we control them; b) most (all?) of the key-value pairs we use are ASCII; and c) if we extend them in the future we can simply encodeURIComponent and decodeURIComponent anything else ourselves.

These are the only patterns we need in our current code, I think, and they're one-liners:

• Getting the value of lastContentInjectionMode:

  value = document.cookie.replace(/^.*lastContentInjectionMode=([^;]*).*$/, '$1');

• Setting the value of lastContentInjectionMode:

  document.cookie = 'lastContentInjectionMode=' + lastContentInjectionMode + ';expires=Fri, 31 Dec 9999 23:59:59 GMT';

And for good measure, though I don't think we use these patterns:

• Checking that value of myKey is true:

  if (/myKey=true\b/i.test(document.cookie) { do something }

• Deleting myKey:

  document.cookie = myKey + '=;expires=Thu, 21 Sep 1979 00:00:01 UTC';

[mossroy]

I took this cookies.js file from Mozilla, but it was a long time ago.
It has been removed from https://developer.mozilla.org/en-US/docs/DOM/document.cookie, but the last available version in the history of this page has replaced escape/unescape with encodeURIComponent/decodeURIComponent : https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie$revision/948801#A_little_framework_a_complete_cookies_readerwriter_with_full_unicode_support

I'm still in favor of using this kind of small framework to handle cookies. It's true that we don't currently use a lot of cookies. But, as you experienced, there can be many little traps we can fall into. If the cookie handling is in one-liners all over the code, it makes it less readable (cookies.getItem('lastContentInjectionMode'); instead of document.cookie.replace(/^.*lastContentInjectionMode=([^;]*).*$/, '$1');, that lets the reader believe we're changing a value, instead of reading it), and harder to maintain them.

I'd vote to fix this version of cookies.js with the latest from Mozilla (see link above), or use another framework if you prefer (like https://github.com/js-cookie/js-cookie, or any other one).

[Jaifroid]

No problem, I'm fine with fixing the framework! It's small, it's not problem to keep it, and the fix looks easy.