Although I’m a couple weeks behind on this, I thought I’d note that I fixed the cookie parsing in the HTTP add-on in Themis, and cookie handling is probably working better than ever at the moment. This isn’t to say I’m done with it; I need to go back in and fix a few curious issues with non-standard dates, empty cookie values, and restricting the maximum length of both a cookie name and value, but I can say that it’s significantly better than it was. I’m also considering moving the cookie system into a plug-in of its own; which it originally was.

The reason is that while cookies are only sent over HTTP connections, Javascript can initiate HTTP connections and manipulate cookies as well. This can be somewhat dangerous, and PHP along with other web scripting languages have [relatively] recently started adding a new optional flag to mark cookies as HTTP only to their headers. While I’ve added support for this to the cookie system in Themis, it’s somewhat meaningless at the moment: there’s an old Javascript implementation in the source tree, but it’s completely unused at the moment and isn’t attached in any way to the Themis DOM system. However, once we have a renderer, and Mark is working on that currently, then we will start to need a Javascript interpreter, and that in turn will lead back to proper cookie handling.

In addition, I’m now faced with adding configuration options for the cookie system, and it would be easier to manipulate those settings in the preferences window if the cookie system was in its own separate plug-in. This isn’t going to happen tomorrow, so don’t worry about it right now, but this is going to be a change in the future.

On other subjects, thinking about Javascript has got me wondering if Themis should use the binaries that are currently in the repository, try to get updated versions compiled, try to use a different existing Javascript implementation, or write our own. I had hoped to use V8 from Google’s Chrome, but it requires GCC 4 which isn’t available on BeOS though it is available on Haiku, but I haven’t managed to get it compiled due to a series of oversights within the Haiku community. I’m not going to put blame on any one person or organization, but I will say that getting scons working seems to be impossible on Haiku, so I can’t even test V8 at this point. Also, since the Themis project is about learning browser design, I’m leaning heavily on the “write our own” side of things now, though it would probably take years to get a version that’s as complete as today’s Javascript demands, and then I’d be playing catch up forever. Still, that’s on my mind…