kaeli wrote:
<snip>
function getCookie (cookieName)
{
cookieValue = ""
There are quite a lot of global variables in this funciton that really
should be local.
if (document.cookie.indexOf(cookieName) == -1)
<snip>
The FAQ notes page:-
<URL:
http://jibbering.com/faq/faq_notes/cookies.html >
- describes an extra safety measure necessitated by the use of content
inserting/re-writing proxies (firewalls, internet security programs and
such like) to prevent scripts from using cookies. They do this by
re-writing - document.cookie - to - document.somethingElse - in the JS
source code. As a result the modified property accessor does not resolve
to a string (it will probably return an undefined value), and an attempt
to call - indexOf - will error as an undefined value will not
type-convert into an object.
Generally code that fails by erroring is undesirable (and potentially
embarrassing for its author if the user is seeing error messages
(proxies usually insert an - onerror - handler to suppress error
messages resulting from their actions)).
The page above proposes using a - typeof - test to verify that the
object returned from the property accessor is a string prior to calling
String object methods on it. A number of alternative safety measures
might be applied (or combined) to achieve a similar effect.
It should be possible to negate the effect of content inserting proxies
by using a bracket notation property accessor with a string value that
did not resemble "cookie":-
document["\x63o\x6Fk\x69e"]
- (or some other escape sequence based munging of "cookie" ) in the hope
that the proxy would fail to recognise and replace that. However, if the
user is running a proxy that is attempting to prevent scripts form
reading and writing cookies then maybe subverting its actions is not a
desirable thing to be doing.
An alternative to using - typeof - to verify that - document.cookie - is
returning a string value might be to assign - new
String(document.cookie) - to a local variable. Subsequent String object
method calls would not then be error-producing, though they would still
not "work" if the property accessor resolved as an undefined value.
However, as a safety measure, explicitly converting the primitive value
returned by the property accessor into a String object would have the
advantageous side-effect of producing more efficient code. The use of a
String object method on a string primitive forces an internal
type-conversions into a String object for each method invocation, so
explicitly doing that up-front in code that uses many String object
methods would avoid the need to have it done implicitly on each method
call:-
function getCookie (cookieName){
var cookieValStart,
cookieValEnd,
cookieValue = "",
ck = new String(document.cookie);
//or - ck = new String(document["\x63o\x6Fk\x69e"]);
if(
((cookieStart = ck.indexOf(cookieName)) != -1)&&
((cookieValStart = (ck.indexOf("=", cookieStart) + 1)) != 0)
){
// get the end index of the cookie value by looking
//for the semi-colon after the value
cookieValEnd = ck.indexOf(";", cookieStart);
// if no semi-colon, then use the whole length
if (cookieValEnd == -1){
cookieValEnd = ck.length;
}
// use substring to get the text between the two
//indices and that is the value of the cookie
cookieValue = ck.substring(cookieValStart, cookieValEnd);
}
return cookieValue;
}
Richard.
