3387: Having a cookie with "%%" in the value causes all (most) javascript to crash

abhishek*********@gmai***** (Google Code) (Is this you? Claim this profile.)
May 31, 2014
What version are you running? 2.0.1


What's the URL of the page containing the problem? http://rb.tripadvisor.com/r/24907/diff/


What steps will reproduce the problem?
1. go to http://rb.tripadvisor.com/r/24907/diff/
2. open JS console
3. type in:

    document.cookie = 'foo=%%'
4. refresh page

This seems to be because, in 3rdparty.js, the $.cookie function tries to parse every cookie, even ones that aren't requested, probably for caching. Upon doing this it deserializes every cookie and explodes the entire JS if it fails any of them.


What is the expected output? What do you see instead?
Reviewboard diffs to show up, probably by ignoring the error for the specific cookie and logging the error.


What operating system are you using? What browser?
Chrome Version 36.0.1985.18 beta on a Mac

Please provide any additional information below.
#1 abhishek*********@gmai***** (Google Code) (Is this you? Claim this profile.)
By the way, the real world example of this happening is when another site on the domain sets the cookie on the entire domain.
#2 abhishek*********@gmai***** (Google Code) (Is this you? Claim this profile.)
Posted a review of upgrading the jquery.cookie, but i have not thoroughly tested as i have never made ac ommit to reviewboard before and just needed to get something to make my coworkers less upset at me right now...

https://reviews.reviewboard.org/r/5888/
david
#3 david
Fixed in release-2.0.x (41e23fd). Thanks!
  • +Fixed