URL Reserved Characters in event details break ICS download links #84

Paul-Hebert · 2019-09-06T18:08:01Z

While using this library I had an event with a title that started with a hashtag. The # character is a reserved character in URLs signifying the beginning of a hash block.

I ended up with a URL like this:

data:text/calendar;charset=utf8,BEGIN:VCALENDAR%0AVERSION:2.0%0ABEGIN:VEVENT%0AURL:http://0.0.0.0:3000/session/test-session-for-add-to-calendar%0ADTSTART:20190925T193000Z%0ADTEND:20190925T201500Z%0ASUMMARY:#%20!$%25&'()*+,/:;=?@%5B%5D%20%E2%80%94%20Test%20Session%20For%20Add%20to%20Calendar%0ADESCRIPTION:You're%20gonna%20want%20to%20add%20this%20one%20to%20your%20calendar!%0ALOCATION:Presidential%20Chamber%20D%0AEND:VEVENT%0AEND:VCALENDAR

Since the browser interprets everything after the # as a URL hash, it ignores everything after it. This results in a URL like this:

data:text/calendar;charset=utf8,BEGIN:VCALENDAR%0AVERSION:2.0%0ABEGIN:VEVENT%0AURL:http://0.0.0.0:3000/session/test-session-for-add-to-calendar%0ADTSTART:20190925T193000Z%0ADTEND:20190925T201500Z%0ASUMMARY:

As you can see the majority of the data is stripped out. This results in a ICS file like this:

BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
URL:http://0.0.0.0:3000/session/test-session-for-add-to-calendar
DTSTART:20190925T193000Z
DTEND:20190925T201500Z
SUMMARY:

It would be nice if the library handled this by encodeURIComponenting the user input, like this:

  const calendarUrl: string = [
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "BEGIN:VEVENT",
    `URL:${encodeURIComponent(document.URL)}`,
    `DTSTART:${start}`,
    `DTEND:${end}`,
    `SUMMARY:${encodeURIComponent(event.title)}`,
    `DESCRIPTION:${encodeURIComponent(formattedDescription)}`,
    `LOCATION:${encodeURIComponent(event.location)}`,
    "END:VEVENT",
    "END:VCALENDAR"
  ].join("\n");

I am guessing characters like ? could cause similar problems.

Special characters in document.URL could also potentially cause this issue.

I'll try to find some time to open PR for this soon. 🙂

The text was updated successfully, but these errors were encountered:

issue-label-bot · 2019-09-06T18:08:03Z

Issue-Label Bot is automatically applying the label bug to this issue, with a confidence of 0.95. Please mark this comment with 👍 or 👎 to give our bot feedback!

Links: app homepage, dashboard and code for this bot.

The ICS generator creates a data URI Unescaped reserved chars like `#` and `?` can break the URL Escaping these sections resolves this. I changed the structure of the code to do this without double encoding. Also updates tests to match --- Fixes AnandChowdhary#84

The ICS generator creates a data URI. Unescaped reserved chars like `#` and `?` can break the URL Escaping these sections resolves this. I changed the structure of the code to do this without double encoding. Also updates tests to match. --- Fixes AnandChowdhary#84

issue-label-bot bot added the bug Something isn't working label Sep 6, 2019

Paul-Hebert mentioned this issue Sep 6, 2019

Update ICS exporter to encode reserved chars cloudfour/calendar-link#5

Merged

Paul-Hebert closed this as completed in cloudfour/calendar-link#5 Sep 6, 2019

Paul-Hebert mentioned this issue Sep 6, 2019

Update ICS exporter to encode reserved chars #85

Merged

Paul-Hebert reopened this Sep 6, 2019

AnandChowdhary closed this as completed in #85 Sep 9, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

URL Reserved Characters in event details break ICS download links #84

URL Reserved Characters in event details break ICS download links #84

Paul-Hebert commented Sep 6, 2019 •

edited

Loading

issue-label-bot bot commented Sep 6, 2019

URL Reserved Characters in event details break ICS download links #84

URL Reserved Characters in event details break ICS download links #84

Comments

Paul-Hebert commented Sep 6, 2019 • edited Loading

issue-label-bot bot commented Sep 6, 2019

Paul-Hebert commented Sep 6, 2019 •

edited

Loading