0

As per the ECMA-262 5th Edition:

A conforming implementation of this International standard shall interpret characters in conformance with the Unicode Standard, Version 3.0 or later and ISO/IEC 1064 6-1 with either UCS-2 or UTF-16 as the adopted encoding form, implementation level 3. If the adopted ISO/IEC 10646-1 subset is not otherwise specified, it is presumed to be the BMP subset, collection 300. If the adopted encoding form is not otherwise specified, it presumed to be the UTF-16 encoding form.

This brings me to the following questions:

  1. The UTF-16 or UCS-2 recommended by ECMAScript standard refers to the encoding form to be used for storage purposes or computation purposes?
  2. What character encoding (for storage purposes) is used to store cookies on the client?
  3. Also, since HTTP header values don't allow non US-ASCII characters, does the browser change the character encoding to ASCII before sending cookies to a server?

I'm particularly interested in the character encoding browsers use for storing cookies since that would let me calculate the actual number of bytes I could use per cookie.

Bharat Khatri
  • 1,367
  • 2
  • 16
  • 27

1 Answers1

1

1.The UTF-16 or UCS-2 recommended by ECMAScript standard refers to the encoding form to be used for storage purposes or computation purposes?

Computation, in as much as ECMAScript only specifies the interface presented to your scripts and not how that is implemented behind the scenes. An implementation could use any form of string storage (for example it could conceivably optimise ASCII-only strings to take only one byte per ECMAScript char/UTF-16 code unit).

2.What character encoding (for storage purposes) is used to store cookies on the client?

Not specified by ECMAScript or any other web standard. IE stores cookie files in the locale-specific default code page (aka ANSI). Some other browsers use SQLite databases, typically with UTF-8.

3.Also, since HTTP header values don't allow non US-ASCII characters, does the browser change the character encoding to ASCII before sending cookies to a server?

Varies across browsers. Last time I checked: IE encodes to ANSI. Chrome uses UTF-8. Firefox uses the low byte of each UTF-16 code unit (compatible with ISO-8859-1 for characters that supports, else irretrievably mangled). Safari blocks non-ASCII entirely.

Upshot: in practice non-ASCII characters are not usable in cookies at all. If you need Unicode safety and/or larger capacity, use DOM Storage.

I'm particularly interested in the character encoding browsers use for storing cookies since that would let me calculate the actual number of bytes I could use per cookie.

Browser limits vary widely in any case.

Community
  • 1
  • 1
bobince
  • 528,062
  • 107
  • 651
  • 834