Opened 13 years ago

Closed 12 years ago

#536 closed enhancement (wontfix)

Make dojo.io.cookie.[set|get]ObjectCookie() work with nested objects

Reported by: wolfram@… Owned by: sjmiles
Priority: high Milestone: 0.9
Component: IO Version: 0.2
Keywords: Cc:
Blocked By: Blocking:

Description

I wanted to store nested objects into a cookie, i.e.

dojo.io.cookie.setObjectCookie("my_cookie", {window: {name: "debug", opened: true}}, 30);

Until now it only worked with one level of nesting, here is the update ...

Attachments (1)

io.cookie.diff (4.6 KB) - added by wolfram@… 13 years ago.
io.cookie.diff

Download all attachments as: .zip

Change History (7)

Changed 13 years ago by wolfram@…

Attachment: io.cookie.diff added

io.cookie.diff

comment:1 Changed 13 years ago by sjmiles

Milestone: 0.3release
Owner: changed from anonymous to sjmiles

If the idea is to serialize some object to place in cookie, shouldn't we use an existing serializer (e.g. JSON) rather than write a new one?

comment:2 Changed 13 years ago by wolfram.kriesing@…

Using an existing parser might be a good idea. eval is just for security issues not really feasible, but a json parser written in js might help here, but then you also want to set certain limitations on the parser, ie. that it only parses simple types, such as string, number, boolean etc. otherwise you would have the same security problems as with eval. What i wrote up was just a simple serialization into a proprietary format. {x: {y: "z"}} is converted to x.y=z ... What way should be gone: JSON parser with configurable limitations or the proprietary format?

comment:3 Changed 13 years ago by sjmiles

I'm not sure what we gain from proprietary format since JSON is simple and well-defined. There are existing implementations of 'safe' JSON decoders (Crockford has one).

Whether we write a custom safe-json decoder, use an existing implementation, or write some other transcode, it should be separate from the cookie code itself. In other words, the cookie code should invoke a serializer interface (decouple the implementation).

Thanks, hope this is clear.

comment:4 Changed 13 years ago by anonymous

Milestone: 0.3release0.4

comment:5 Changed 13 years ago by dylan

Component: CoreIO
Milestone: 0.40.5

any resolution on this one? moving to 0.5

comment:6 Changed 12 years ago by sjmiles

Resolution: wontfix
Status: newclosed

Think its best not to build in serialization into cookie API. Client code can choose it's own serialization.

Note: See TracTickets for help on using tickets.