Fix redirect error when path contains raw non-URL characters

Author: dougwilson

HISTORY.md

@@ -1,6 +1,7 @@
 unreleased
 ==========
 
+  * Fix redirect error when `path` contains raw non-URL characters
   * Fix redirect when `path` starts with multiple forward slashes
 
 0.14.0 / 2016-06-06

index.html

@@ -16,6 +16,7 @@ var createError = require('http-errors')
 var debug = require('debug')('send')
 var deprecate = require('depd')('send')
 var destroy = require('destroy')
+var encodeUrl = require('encodeurl')
 var escapeHtml = require('escape-html')
 var etag = require('etag')
 var EventEmitter = require('events').EventEmitter
@@ -444,7 +445,7 @@ SendStream.prototype.redirect = function redirect (path) {
     return
   }
 
-  var loc = collapseLeadingSlashes(path + '/')
+  var loc = encodeUrl(collapseLeadingSlashes(path + '/'))
   var msg = 'Redirecting to <a href="' + escapeHtml(loc) + '">' + escapeHtml(loc) + '</a>\n'
   var res = this.res
 

index.js

@@ -17,6 +17,7 @@
     "debug": "~2.2.0",
     "depd": "~1.1.0",
     "destroy": "~1.0.4",
+    "encodeurl": "~1.0.1",
     "escape-html": "~1.0.3",
     "etag": "~1.7.0",
     "fresh": "0.3.0",

package.json

@@ -349,6 +349,19 @@ describe('send(file).pipe(res)', function () {
       .expect('Location', '/pets/')
       .expect(301, done)
     })
+
+    it('should respond with an HTML redirect', function (done) {
+      var app = http.createServer(function (req, res) {
+        send(req, req.url.replace('/snow', '/snow ☃'), {root: 'test/fixtures'})
+        .pipe(res)
+      })
+
+      request(app)
+      .get('/snow')
+      .expect('Location', '/snow%20%E2%98%83/')
+      .expect('Content-Type', /html/)
+      .expect(301, 'Redirecting to <a href="/snow%20%E2%98%83/">/snow%20%E2%98%83/</a>\n', done)
+    })
   })
 
   describe('when no "error" listeners are present', function () {