Although I’m a couple weeks behind on this, I thought I’d note that I fixed the cookie parsing in the HTTP add-on in Themis, and cookie handling is probably working better than ever at the moment. This isn’t to say I’m done with it; I need to go back in and fix a few curious issues with non-standard dates, empty cookie values, and restricting the maximum length of both a cookie name and value, but I can say that it’s significantly better than it was. I’m also considering moving the cookie system into a plug-in of its own; which it originally was.

The reason is that while cookies are only sent over HTTP connections, Javascript can initiate HTTP connections and manipulate cookies as well. This can be somewhat dangerous, and PHP along with other web scripting languages have [relatively] recently started adding a new optional flag to mark cookies as HTTP only to their headers. While I’ve added support for this to the cookie system in Themis, it’s somewhat meaningless at the moment: there’s an old Javascript implementation in the source tree, but it’s completely unused at the moment and isn’t attached in any way to the Themis DOM system. However, once we have a renderer, and Mark is working on that currently, then we will start to need a Javascript interpreter, and that in turn will lead back to proper cookie handling.

In addition, I’m now faced with adding configuration options for the cookie system, and it would be easier to manipulate those settings in the preferences window if the cookie system was in its own separate plug-in. This isn’t going to happen tomorrow, so don’t worry about it right now, but this is going to be a change in the future.

On other subjects, thinking about Javascript has got me wondering if Themis should use the binaries that are currently in the repository, try to get updated versions compiled, try to use a different existing Javascript implementation, or write our own. I had hoped to use V8 from Google’s Chrome, but it requires GCC 4 which isn’t available on BeOS though it is available on Haiku, but I haven’t managed to get it compiled due to a series of oversights within the Haiku community. I’m not going to put blame on any one person or organization, but I will say that getting scons working seems to be impossible on Haiku, so I can’t even test V8 at this point. Also, since the Themis project is about learning browser design, I’m leaning heavily on the “write our own” side of things now, though it would probably take years to get a version that’s as complete as today’s Javascript demands, and then I’d be playing catch up forever. Still, that’s on my mind…

Though this might be better served on the Themis web site, I’m posting this here since it’s not quite official yet.

Over the last few months, Mark and I have been trying to get back into the swing of working on this now ancient project. While Mark is doing some of the more important development, working on a rendering engine, I’ve been just trying to get back into the swing of C/C++ development on BeOS/Haiku. To that end, I’ve been rewriting some of the cookie parsing code, and I’ve implemented a new preferences manager that will allow developers to quickly and easily create, edit, and save preferences from any part of Themis provided they include the appropriate header. This came about because we felt the current preference system was getting to be too big and clunky, though it served its purposes for all these years.

At the moment, I’ve implemented the simplest possible preference manager I could: it flattens and unflattens BMessages to and from (respectively) files in the user’s Themis settings directory, will allow the developer to delete the settings file or even rename it. Ultimately, I think it will be a good idea to make it output and read and parse user editable text files like in the .ini style, but for now this is adequate.

The reason I’m rewriting a part of the cookie parser is that I noticed when going to CNN’s web site in Themis, they tended to set an odd cookie that seemed to cause a crash periodically. Rather than try to insist that CNN fix the problem to comply with Internet standards, I decided it would probably be prudent to make the cookie parsing more robust. Oh, by the way, it seems that Themis is the only browser that I have access to that actually supports the little known and less used Set-Cookie2 header which allows multiple cookies to be set in one header line. Though honestly, I’m not even 100% sure if that header was ever accepted as a standard.