// Copyright 2006 The Closure Library Authors. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS-IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. /** * @fileoverview Functions for setting, getting and deleting cookies. * * @author arv@google.com (Erik Arvidsson) */ goog.provide('goog.net.Cookies'); goog.provide('goog.net.cookies'); goog.require('goog.userAgent'); /** * A class for handling browser cookies. * @param {Document} context The context document to get/set cookies on. * @constructor */ goog.net.Cookies = function(context) { /** * The context document to get/set cookies on * @type {Document} * @private */ this.document_ = context; }; /** * Static constant for the size of cookies. Per the spec, there's a 4K limit * to the size of a cookie. To make sure users can't break this limit, we * should truncate long cookies at 3950 bytes, to be extra careful with dumb * browsers/proxies that interpret 4K as 4000 rather than 4096. * @type {number} */ goog.net.Cookies.MAX_COOKIE_LENGTH = 3950; /** * RegExp used to split the cookies string. * @type {RegExp} * @private */ goog.net.Cookies.SPLIT_RE_ = /\s*;\s*/; /** * Returns true if cookies are enabled. * @return {boolean} True if cookies are enabled. */ goog.net.Cookies.prototype.isEnabled = function() { return navigator.cookieEnabled; }; /** * We do not allow '=', ';', or white space in the name. * * NOTE: The following are allowed by this method, but should be avoided for * cookies handled by the server. * - any name starting with '$' * - 'Comment' * - 'Domain' * - 'Expires' * - 'Max-Age' * - 'Path' * - 'Secure' * - 'Version' * * @param {string} name Cookie name. * @return {boolean} Whether name is valid. * * @see RFC 2109 * @see RFC 2965 */ goog.net.Cookies.prototype.isValidName = function(name) { return !(/[;=\s]/.test(name)); }; /** * We do not allow ';' or line break in the value. * * Spec does not mention any illegal characters, but in practice semi-colons * break parsing and line breaks truncate the name. * * @param {string} value Cookie value. * @return {boolean} Whether value is valid. * * @see RFC 2109 * @see RFC 2965 */ goog.net.Cookies.prototype.isValidValue = function(value) { return !(/[;\r\n]/.test(value)); }; /** * Sets a cookie. The max_age can be -1 to set a session cookie. To remove and * expire cookies, use remove() instead. * * Neither the {@code name} nor the {@code value} are encoded in any way. It is * up to the callers of {@code get} and {@code set} (as well as all the other * methods) to handle any possible encoding and decoding. * * @throws {!Error} If the {@code name} fails #goog.net.cookies.isValidName. * @throws {!Error} If the {@code value} fails #goog.net.cookies.isValidValue. * * @param {string} name The cookie name. * @param {string} value The cookie value. * @param {number=} opt_maxAge The max age in seconds (from now). Use -1 to * set a session cookie. If not provided, the default is -1 * (i.e. set a session cookie). * @param {?string=} opt_path The path of the cookie. If not present then this * uses the full request path. * @param {?string=} opt_domain The domain of the cookie, or null to not * specify a domain attribute (browser will use the full request host name). * If not provided, the default is null (i.e. let browser use full request * host name). * @param {boolean=} opt_secure Whether the cookie should only be sent over * a secure channel. */ goog.net.Cookies.prototype.set = function( name, value, opt_maxAge, opt_path, opt_domain, opt_secure) { if (!this.isValidName(name)) { throw Error('Invalid cookie name "' + name + '"'); } if (!this.isValidValue(value)) { throw Error('Invalid cookie value "' + value + '"'); } if (!goog.isDef(opt_maxAge)) { opt_maxAge = -1; } var domainStr = opt_domain ? ';domain=' + opt_domain : ''; var pathStr = opt_path ? ';path=' + opt_path : ''; var secureStr = opt_secure ? ';secure' : ''; var expiresStr; // Case 1: Set a session cookie. if (opt_maxAge < 0) { expiresStr = ''; // Case 2: Expire the cookie. // Note: We don't tell people about this option in the function doc because // we prefer people to use ExpireCookie() to expire cookies. } else if (opt_maxAge == 0) { // Note: Don't use Jan 1, 1970 for date because NS 4.76 will try to convert // it to local time, and if the local time is before Jan 1, 1970, then the // browser will ignore the Expires attribute altogether. var pastDate = new Date(1970, 1 /*Feb*/, 1); // Feb 1, 1970 expiresStr = ';expires=' + pastDate.toUTCString(); // Case 3: Set a persistent cookie. } else { var futureDate = new Date(goog.now() + opt_maxAge * 1000); expiresStr = ';expires=' + futureDate.toUTCString(); } this.setCookie_(name + '=' + value + domainStr + pathStr + expiresStr + secureStr); }; /** * Returns the value for the first cookie with the given name. * @param {string} name The name of the cookie to get. * @param {string=} opt_default If not found this is returned instead. * @return {string|undefined} The value of the cookie. If no cookie is set this * returns opt_default or undefined if opt_default is not provided. */ goog.net.Cookies.prototype.get = function(name, opt_default) { var nameEq = name + '='; var parts = this.getParts_(); for (var i = 0, part; part = parts[i]; i++) { if (part.indexOf(nameEq) == 0) { return part.substr(nameEq.length); } if (part == name) { return ''; } } return opt_default; }; /** * Removes and expires a cookie. * @param {string} name The cookie name. * @param {string=} opt_path The path of the cookie, or null to expire a cookie * set at the full request path. If not provided, the default is '/' * (i.e. path=/). * @param {string=} opt_domain The domain of the cookie, or null to expire a * cookie set at the full request host name. If not provided, the default is * null (i.e. cookie at full request host name). * @return {boolean} Whether the cookie existed before it was removed. */ goog.net.Cookies.prototype.remove = function(name, opt_path, opt_domain) { var rv = this.containsKey(name); this.set(name, '', 0, opt_path, opt_domain); return rv; }; /** * Gets the names for all the cookies. * @return {Array.} An array with the names of the cookies. */ goog.net.Cookies.prototype.getKeys = function() { return this.getKeyValues_().keys; }; /** * Gets the values for all the cookies. * @return {Array.} An array with the values of the cookies. */ goog.net.Cookies.prototype.getValues = function() { return this.getKeyValues_().values; }; /** * @return {boolean} Whether there are any cookies for this document. */ goog.net.Cookies.prototype.isEmpty = function() { return !this.getCookie_(); }; /** * @return {number} The number of cookies for this document. */ goog.net.Cookies.prototype.getCount = function() { var cookie = this.getCookie_(); if (!cookie) { return 0; } return this.getParts_().length; }; /** * Returns whether there is a cookie with the given name. * @param {string} key The name of the cookie to test for. * @return {boolean} Whether there is a cookie by that name. */ goog.net.Cookies.prototype.containsKey = function(key) { // substring will return empty string if the key is not found, so the get // function will only return undefined return goog.isDef(this.get(key)); }; /** * Returns whether there is a cookie with the given value. (This is an O(n) * operation.) * @param {string} value The value to check for. * @return {boolean} Whether there is a cookie with that value. */ goog.net.Cookies.prototype.containsValue = function(value) { // this O(n) in any case so lets do the trivial thing. var values = this.getKeyValues_().values; for (var i = 0; i < values.length; i++) { if (values[i] == value) { return true; } } return false; }; /** * Removes all cookies for this document. Note that this will only remove * cookies from the current path and domain. If there are cookies set using a * subpath and/or another domain these will still be there. */ goog.net.Cookies.prototype.clear = function() { var keys = this.getKeyValues_().keys; for (var i = keys.length - 1; i >= 0; i--) { this.remove(keys[i]); } }; /** * Private helper function to allow testing cookies without depending on the * browser. * @param {string} s The cookie string to set. * @private */ goog.net.Cookies.prototype.setCookie_ = function(s) { this.document_.cookie = s; }; /** * Private helper function to allow testing cookies without depending on the * browser. IE6 can return null here. * @return {?string} Returns the {@code document.cookie}. * @private */ goog.net.Cookies.prototype.getCookie_ = function() { return this.document_.cookie; }; /** * @return {!Array.} The cookie split on semi colons. * @private */ goog.net.Cookies.prototype.getParts_ = function() { return (this.getCookie_() || ''). split(goog.net.Cookies.SPLIT_RE_); }; /** * Gets the names and values for all the cookies. * @return {Object} An object with keys and values. * @private */ goog.net.Cookies.prototype.getKeyValues_ = function() { var parts = this.getParts_(); var keys = [], values = [], index, part; for (var i = 0; part = parts[i]; i++) { index = part.indexOf('='); if (index == -1) { // empty name keys.push(''); values.push(part); } else { keys.push(part.substring(0, index)); values.push(part.substring(index + 1)); } } return {keys: keys, values: values}; }; /** * A static default instance. * @type {goog.net.Cookies} */ goog.net.cookies = new goog.net.Cookies(document); /** * Define the constant on the instance in order not to break many references to * it. * @type {number} * @deprecated Use goog.net.Cookies.MAX_COOKIE_LENGTH instead. */ goog.net.cookies.MAX_COOKIE_LENGTH = goog.net.Cookies.MAX_COOKIE_LENGTH;