js-cookie 2.1.2 → 2.2.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Copyright 2018 Klaus Hartl, Fagner Brack, GitHub Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -2,7 +2,7 @@
   <img src="https://cloud.githubusercontent.com/assets/835857/14581711/ba623018-0436-11e6-8fce-d2ccd4d379c9.gif">
 </p>
 
-# JavaScript Cookie [![Build Status](https://travis-ci.org/js-cookie/js-cookie.svg?branch=master)](https://travis-ci.org/js-cookie/js-cookie) [![Code Climate](https://codeclimate.com/github/js-cookie/js-cookie.svg)](https://codeclimate.com/github/js-cookie/js-cookie)
+# JavaScript Cookie [![Build Status](https://travis-ci.org/js-cookie/js-cookie.svg?branch=master)](https://travis-ci.org/js-cookie/js-cookie) [![Code Climate](https://codeclimate.com/github/js-cookie/js-cookie.svg)](https://codeclimate.com/github/js-cookie/js-cookie) [![jsDelivr Hits](https://data.jsdelivr.com/v1/package/npm/js-cookie/badge?style=rounded)](https://www.jsdelivr.com/package/npm/js-cookie)
 
 A simple, lightweight JavaScript API for handling cookies
 
@@ -15,12 +15,12 @@ A simple, lightweight JavaScript API for handling cookies
 * [RFC 6265](https://tools.ietf.org/html/rfc6265) compliant
 * Useful [Wiki](https://github.com/js-cookie/js-cookie/wiki)
 * Enable [custom encoding/decoding](#converters)
-* **~800 bytes** gzipped!
+* **~900 bytes** gzipped!
 
 **If you're viewing this at https://github.com/js-cookie/js-cookie, you're reading the documentation for the master branch.
-[View documentation for the latest release (2.1.2).](https://github.com/js-cookie/js-cookie/tree/v2.1.2#readme)**
+[View documentation for the latest release.](https://github.com/js-cookie/js-cookie/tree/latest#readme)**
 
-## Build Status Matrix
+## Build Status Matrix ([including active Pull Requests](https://github.com/js-cookie/js-cookie/issues/286))
 
 [![Selenium Test Status](https://saucelabs.com/browser-matrix/js-cookie.svg)](https://saucelabs.com/u/js-cookie)
 
@@ -28,12 +28,18 @@ A simple, lightweight JavaScript API for handling cookies
 
 ### Direct download
 
-Download the script [here](https://github.com/js-cookie/js-cookie/blob/v2.1.2/src/js.cookie.js) and include it (unless you are packaging scripts somehow else):
+Download the script [here](https://github.com/js-cookie/js-cookie/blob/latest/src/js.cookie.js) and include it (unless you are packaging scripts somehow else):
 
 ```html
 <script src="/path/to/js.cookie.js"></script>
 ```
 
+Or include it via [jsDelivr CDN](https://www.jsdelivr.com/package/npm/js-cookie):
+
+```html
+<script src="https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js"></script>
+```
+
 **Do not include the script directly from GitHub (http://raw.github.com/...).** The file is being served as text/plain and as such being blocked
 in Internet Explorer on Windows 7 for instance (because of the wrong MIME type). Bottom line: GitHub is not a CDN.
 
@@ -41,6 +47,11 @@ in Internet Explorer on Windows 7 for instance (because of the wrong MIME type).
 
 JavaScript Cookie supports [npm](https://www.npmjs.com/package/js-cookie) and [Bower](http://bower.io/search/?q=js-cookie) under the name `js-cookie`.
 
+#### NPM
+```
+  $ npm install js-cookie --save
+```
+
 ### Module Loaders
 
 JavaScript Cookie can also be loaded as an AMD or CommonJS module.
@@ -78,6 +89,16 @@ Read all visible cookies:
 Cookies.get(); // => { name: 'value' }
 ```
 
+*Note: It is not possible to read a particular cookie by passing one of the cookie attributes (which may or may not
+have been used when writing the cookie in question):*
+
+```javascript
+Cookies.get('foo', { domain: 'sub.example.com' }); // `domain` won't have any effect...!
+```
+
+The cookie with the name `foo` will only be available on `.get()` if it's visible from where the
+code is called; the domain and/or path attribute will not have an effect when reading.
+
 Delete cookie:
 
 ```javascript
@@ -92,7 +113,13 @@ Cookies.remove('name'); // fail!
 Cookies.remove('name', { path: '' }); // removed!
 ```
 
-*IMPORTANT! when deleting a cookie, you must pass the exact same path and domain attributes that was used to set the cookie, unless you're relying on the [default attributes](#cookie-attributes).*
+*IMPORTANT! When deleting a cookie and you're not relying on the [default attributes](#cookie-attributes), you must pass the exact same path and domain attributes that were used to set the cookie:*
+
+```javascript
+Cookies.remove('name', { path: '', domain: '.yourdomain.com' });
+```
+
+*Note: Removing a nonexistent cookie does not raise any exception nor return any value.*
 
 ## Namespace conflicts
 
@@ -142,7 +169,9 @@ Cookies.getJSON(); // => { name: { foo: 'bar' } }
 
 This project is [RFC 6265](http://tools.ietf.org/html/rfc6265#section-4.1.1) compliant. All special characters that are not allowed in the cookie-name or cookie-value are encoded with each one's UTF-8 Hex equivalent using [percent-encoding](http://en.wikipedia.org/wiki/Percent-encoding).  
 The only character in cookie-name or cookie-value that is allowed and still encoded is the percent `%` character, it is escaped in order to interpret percent input as literal.  
-To override the default cookie decoding you need to use a [converter](#converter).
+Please note that the default encoding/decoding strategy is meant to be interoperable [only between cookies that are read/written by js-cookie](https://github.com/js-cookie/js-cookie/pull/200#discussion_r63270778). To override the default encoding/decoding strategy you need to use a [converter](#converters).
+
+*Note: According to [RFC 6265](https://tools.ietf.org/html/rfc6265#section-6.1), your cookies may get deleted if they are too big or there are too many cookies in the same domain, [more details here](https://github.com/js-cookie/js-cookie/wiki/Frequently-Asked-Questions#why-are-my-cookies-being-deleted).*
 
 ## Cookie Attributes
 
@@ -152,6 +181,8 @@ Cookie attributes defaults can be set globally by setting properties of the `Coo
 
 Define when the cookie will be removed. Value can be a [`Number`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number) which will be interpreted as days from time of creation or a [`Date`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date) instance. If omitted, the cookie becomes a session cookie.
 
+To create a cookie that expires in less than a day, you can check the [FAQ on the Wiki](https://github.com/js-cookie/js-cookie/wiki/Frequently-Asked-Questions#expire-cookies-in-less-than-a-day).
+
 **Default:** Cookie is removed when the user closes the browser.
 
 **Examples:**
@@ -182,7 +213,9 @@ Cookies.remove('name', { path: '' });
 
 (From [Internet Explorer Cookie Internals (FAQ)](http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx))
 
-This means one cannot set a path using `path: window.location.pathname` in case such pathname contains a filename like so: `/check.html` (or at least, such cookie cannot be read correctly).
+This means one cannot set a path using `window.location.pathname` in case such pathname contains a filename like so: `/check.html` (or at least, such cookie cannot be read correctly).
+
+In fact, you should never allow untrusted input to set the cookie attributes or you might be exposed to a [XSS attack](https://github.com/js-cookie/js-cookie/issues/396).
 
 ### domain
 
@@ -220,7 +253,7 @@ Either `true` or `false`, indicating if the cookie transmission requires a secur
 ```javascript
 Cookies.set('name', 'value', { secure: true });
 Cookies.get('name'); // => 'value'
-Cookies.remove('name', { secure: true });
+Cookies.remove('name');
 ```
 
 ## Converters
@@ -269,16 +302,22 @@ Check out the [Servers Docs](SERVER_SIDE.md)
 
 Check out the [Contributing Guidelines](CONTRIBUTING.md)
 
+## Security
+
+For vulnerability reports, send an e-mail to `jscookieproject at gmail dot com`
+
 ## Manual release steps
 
 * Increment the "version" attribute of `package.json`
 * Increment the version number in the `src/js.cookie.js` file
+* If `major` bump, update jsDelivr CDN major version link on README
 * Commit with the message "Release version x.x.x"
 * Create version tag in git
 * Create a github release and upload the minified file
-* Link the documentation of the latest release tag in the `README.md`
-* Link the download link to the latest release tag in the `README.md`
-* Commit with the message "Prepare for the next development iteration"
+* Change the `latest` tag pointer to the latest commit
+  * `git tag -f latest`
+  * `git push <remote> :refs/tags/latest`
+  * `git push origin master --tags`
 * Release on npm
 
 ## Authors

package/SERVER_SIDE.md

@@ -32,7 +32,7 @@ var PHPCookies = Cookies.withConverter({
     write: function (value) {
         // Encode all characters according to the "encodeURIComponent" spec
         return encodeURIComponent(value)
-            // Revert the characters that are unnecessarly encoded but are
+            // Revert the characters that are unnecessarily encoded but are
             // allowed in a cookie value, except for the plus sign (%2B)
             .replace(/%(23|24|26|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);
     },
@@ -62,7 +62,7 @@ var TomcatCookies = Cookies.withConverter({
   write: function (value) {
       // Encode all characters according to the "encodeURIComponent" spec
       return encodeURIComponent(value)
-          // Revert the characters that are unnecessarly encoded but are
+          // Revert the characters that are unnecessarily encoded but are
           // allowed in a cookie value
           .replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent)
           // Encode the parens that are interpreted incorrectly by Tomcat
@@ -95,7 +95,7 @@ var JBossCookies = Cookies.withConverter({
     write: function (value) {
         // Encode all characters according to the "encodeURIComponent" spec
         return encodeURIComponent(value)
-            // Revert the characters that are unnecessarly encoded but are
+            // Revert the characters that are unnecessarily encoded but are
             // allowed in a cookie value
             .replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent)
             // Encode again the characters that are not allowed in JBoss 7.1.1, like "[" and "]":

package/package.json

@@ -1,13 +1,12 @@
 {
   "name": "js-cookie",
-  "version": "2.1.2",
+  "version": "2.2.1",
   "description": "A simple, lightweight JavaScript API for handling cookies",
   "main": "src/js.cookie.js",
   "directories": {
     "test": "test"
   },
   "keywords": [
-    "jquery-plugin",
     "cookie",
     "cookies",
     "browser",
@@ -24,21 +23,25 @@
     "type": "git",
     "url": "git://github.com/js-cookie/js-cookie.git"
   },
+  "files": [
+    "src/**/*.js",
+    "SERVER_SIDE.md",
+    "CONTRIBUTING.md"
+  ],
   "author": "Klaus Hartl",
   "license": "MIT",
   "devDependencies": {
-    "grunt": "1.0.0",
+    "grunt": "1.0.3",
     "grunt-compare-size": "0.4.2",
-    "grunt-contrib-connect": "1.0.2",
-    "grunt-contrib-jshint": "1.0.0",
-    "grunt-contrib-nodeunit": "1.0.0",
-    "grunt-contrib-qunit": "1.2.0",
-    "grunt-contrib-uglify": "1.0.1",
-    "grunt-contrib-watch": "1.0.0",
-    "grunt-jscs": "2.8.0",
-    "grunt-saucelabs": "8.6.2",
+    "grunt-contrib-connect": "2.0.0",
+    "grunt-contrib-nodeunit": "2.0.0",
+    "grunt-contrib-qunit": "2.0.0",
+    "grunt-contrib-uglify": "2.3.0",
+    "grunt-contrib-watch": "1.1.0",
+    "grunt-eslint": "21.0.0",
+    "grunt-saucelabs": "9.0.0",
     "gzip-js": "0.3.2",
     "qunitjs": "1.23.1",
-    "requirejs": "2.2.0"
+    "requirejs": "2.3.5"
   }
 }

package/src/js.cookie.js

@@ -1,16 +1,21 @@
 /*!
- * JavaScript Cookie v2.1.2
+ * JavaScript Cookie v2.2.1
  * https://github.com/js-cookie/js-cookie
  *
  * Copyright 2006, 2015 Klaus Hartl & Fagner Brack
  * Released under the MIT license
  */
 ;(function (factory) {
+	var registeredInModuleLoader;
 	if (typeof define === 'function' && define.amd) {
 		define(factory);
-	} else if (typeof exports === 'object') {
+		registeredInModuleLoader = true;
+	}
+	if (typeof exports === 'object') {
 		module.exports = factory();
-	} else {
+		registeredInModuleLoader = true;
+	}
+	if (!registeredInModuleLoader) {
 		var OldCookies = window.Cookies;
 		var api = window.Cookies = factory();
 		api.noConflict = function () {
@@ -31,117 +36,124 @@
 		return result;
 	}
 
+	function decode (s) {
+		return s.replace(/(%[0-9A-Z]{2})+/g, decodeURIComponent);
+	}
+
 	function init (converter) {
-		function api (key, value, attributes) {
-			var result;
+		function api() {}
+
+		function set (key, value, attributes) {
 			if (typeof document === 'undefined') {
 				return;
 			}
 
-			// Write
+			attributes = extend({
+				path: '/'
+			}, api.defaults, attributes);
 
-			if (arguments.length > 1) {
-				attributes = extend({
-					path: '/'
-				}, api.defaults, attributes);
+			if (typeof attributes.expires === 'number') {
+				attributes.expires = new Date(new Date() * 1 + attributes.expires * 864e+5);
+			}
 
-				if (typeof attributes.expires === 'number') {
-					var expires = new Date();
-					expires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5);
-					attributes.expires = expires;
+			// We're using "expires" because "max-age" is not supported by IE
+			attributes.expires = attributes.expires ? attributes.expires.toUTCString() : '';
+
+			try {
+				var result = JSON.stringify(value);
+				if (/^[\{\[]/.test(result)) {
+					value = result;
 				}
+			} catch (e) {}
 
-				try {
-					result = JSON.stringify(value);
-					if (/^[\{\[]/.test(result)) {
-						value = result;
-					}
-				} catch (e) {}
+			value = converter.write ?
+				converter.write(value, key) :
+				encodeURIComponent(String(value))
+					.replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);
+
+			key = encodeURIComponent(String(key))
+				.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent)
+				.replace(/[\(\)]/g, escape);
 
-				if (!converter.write) {
-					value = encodeURIComponent(String(value))
-						.replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent);
-				} else {
-					value = converter.write(value, key);
+			var stringifiedAttributes = '';
+			for (var attributeName in attributes) {
+				if (!attributes[attributeName]) {
+					continue;
+				}
+				stringifiedAttributes += '; ' + attributeName;
+				if (attributes[attributeName] === true) {
+					continue;
 				}
 
-				key = encodeURIComponent(String(key));
-				key = key.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent);
-				key = key.replace(/[\(\)]/g, escape);
-
-				return (document.cookie = [
-					key, '=', value,
-					attributes.expires && '; expires=' + attributes.expires.toUTCString(), // use expires attribute, max-age is not supported by IE
-					attributes.path    && '; path=' + attributes.path,
-					attributes.domain  && '; domain=' + attributes.domain,
-					attributes.secure ? '; secure' : ''
-				].join(''));
+				// Considers RFC 6265 section 5.2:
+				// ...
+				// 3.  If the remaining unparsed-attributes contains a %x3B (";")
+				//     character:
+				// Consume the characters of the unparsed-attributes up to,
+				// not including, the first %x3B (";") character.
+				// ...
+				stringifiedAttributes += '=' + attributes[attributeName].split(';')[0];
 			}
 
-			// Read
+			return (document.cookie = key + '=' + value + stringifiedAttributes);
+		}
 
-			if (!key) {
-				result = {};
+		function get (key, json) {
+			if (typeof document === 'undefined') {
+				return;
 			}
 
+			var jar = {};
 			// To prevent the for loop in the first place assign an empty array
-			// in case there are no cookies at all. Also prevents odd result when
-			// calling "get()"
+			// in case there are no cookies at all.
 			var cookies = document.cookie ? document.cookie.split('; ') : [];
-			var rdecode = /(%[0-9A-Z]{2})+/g;
 			var i = 0;
 
 			for (; i < cookies.length; i++) {
 				var parts = cookies[i].split('=');
 				var cookie = parts.slice(1).join('=');
 
-				if (cookie.charAt(0) === '"') {
+				if (!json && cookie.charAt(0) === '"') {
 					cookie = cookie.slice(1, -1);
 				}
 
 				try {
-					var name = parts[0].replace(rdecode, decodeURIComponent);
-					cookie = converter.read ?
-						converter.read(cookie, name) : converter(cookie, name) ||
-						cookie.replace(rdecode, decodeURIComponent);
+					var name = decode(parts[0]);
+					cookie = (converter.read || converter)(cookie, name) ||
+						decode(cookie);
 
-					if (this.json) {
+					if (json) {
 						try {
 							cookie = JSON.parse(cookie);
 						} catch (e) {}
 					}
 
+					jar[name] = cookie;
+
 					if (key === name) {
-						result = cookie;
 						break;
 					}
-
-					if (!key) {
-						result[name] = cookie;
-					}
 				} catch (e) {}
 			}
 
-			return result;
+			return key ? jar[key] : jar;
 		}
 
-		api.set = api;
+		api.set = set;
 		api.get = function (key) {
-			return api(key);
+			return get(key, false /* read as raw */);
 		};
-		api.getJSON = function () {
-			return api.apply({
-				json: true
-			}, [].slice.call(arguments));
+		api.getJSON = function (key) {
+			return get(key, true /* read as json */);
 		};
-		api.defaults = {};
-
 		api.remove = function (key, attributes) {
-			api(key, '', extend(attributes, {
+			set(key, '', extend(attributes, {
 				expires: -1
 			}));
 		};
 
+		api.defaults = {};
+
 		api.withConverter = init;
 
 		return api;

package/.jshintignore

@@ -1,2 +0,0 @@
-build
-node_modules

package/.jshintrc

@@ -1,14 +0,0 @@
-{
-	"curly": true,
-	"eqeqeq": true,
-	"expr": true,
-	"newcap": true,
-	"noarg": true,
-	"nonbsp": true,
-	"trailing": true,
-	"undef": true,
-	"unused": true,
-	"globals": {
-		"Cookies": true
-	}
-}

package/.npmignore

@@ -1,4 +0,0 @@
-node_modules
-build
-.sizecache.json
-*.log*

package/.tm_properties

@@ -1,11 +0,0 @@
-softTabs = false
-tabSize  = 2
-
-[ text.plain ]
-softWrap   = true
-wrapColumn = "Use Window Frame"
-softTabs   = true
-tabSize    = 4
-
-[ "*.md" ]
-fileType = "text.plain"

package/.travis.yml

@@ -1,12 +0,0 @@
-language: node_js
-node_js:
-  - '5.1.1'
-# Only use grunt-ci for commits pushed to this repo. Fall back to regular test
-# for pull requests (as secure variables won't be exposed there).
-script:
-  - ./travis.sh
-env:
-  # Encrypted SAUCE_USERNAME and SAUCE_ACCESS_KEY used by travis
-  global:
-    - secure: IkMOa/8r4sWyzUMxecsfqoPzZyIqVAMwPkQ6/HxXPbT8X7UnvqAdaicAMeHEKtOnOac+rx6pGB9HQvC8P/ZzkEBtsKLP4nEh9vsAInZvb3pXg+qbIgIK6/19X0kU4UkpDqVdWmBuFTamJvMDMstUTgEaM3869bB5vGp9taBgfVo=
-    - secure: DKrQplF0CBiBh+cbQ8D7EKebCeklUWEELblIJdU4475Occ4G9b8ZFYO9HFwl1B8F/XapB7CsMyxbJCWor030FySeqn8bhJs9NoAVoYGg+MtWniv1EOHuZLWuOGfgQDv7qj5U0Af9Y655MmUpXSN2aDlCmQweWnYdpFTM9Dfsdd8=