Issue 46962: Fix decoding of paths containing encoded commas #140
Conversation
src/labkey/ActionURL.ts
Outdated
| @@ -273,6 +273,16 @@ export interface ActionPath { | |||
| controller: string; | |||
| } | |||
|
|
|||
| /** | |||
| * decodeURI chooses not to decode encoded commas (presumably because encodeURI also does nothing with commas). | |||
There was a problem hiding this comment.
This is why:
So should we consider any of these other characters? Also, just curious, where did you see that it is recommended to encode them?
There was a problem hiding this comment.
Here, for example: https://developer.mozilla.org/en-US/docs/Glossary/percent-encoding
There was a problem hiding this comment.
Thanks for that pointer. I think in this usage, since we've already identified the part that's being decoded as a container path, which shouldn't include parts where these characters have meaning in the URI syntax, it should be safe to decode all of these characters (so they don't get double encoded later). Thoughts?
There was a problem hiding this comment.
Ah, but we prevent the use of many of these characters in folder names. We allow ;, @, &, =, $, ,, and #. Perhaps we should expand the set of not allowed characters, but there may be some weird ones in the wild already.
There was a problem hiding this comment.
@labkey-nicka I've update the method to decode the other characters that are valid in project names but encoded by URI encoding. I believe returning the fully decoded path is what we want here since previously that is what was expected, just not being done. Happy to discuss, though.
There was a problem hiding this comment.
I think what you've done works.
Rationale
decodeURIchooses not to decode encoded commas (presumably because encodeURI also does nothing with commas) (even thoughdecodeURIComponentdoes the right thing). This can be problematic since encoding of commas is actually recommended (and done on the server side).Related Pull Requests
Changes