-
-
Notifications
You must be signed in to change notification settings - Fork 444
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: decode percent-encoded path in getPath #2688
Conversation
// If the path contains percent encoding, use `indexOf()` to find '?' and return the result immediately. | ||
// Although this is a performance disadvantage, it is acceptable since we prefer cases that do not include percent encoding. | ||
const queryIndex = url.indexOf('?', i) | ||
return decodeURIComponent(url.slice(start, queryIndex === -1 ? undefined : queryIndex)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return decodeURIComponent(url.slice(start, queryIndex === -1 ? undefined : queryIndex)) | |
return decodeURI(url.slice(start, queryIndex === -1 ? undefined : queryIndex)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the suggestion.
With the current code, if we s/decodeURIComponent/decodeURI/
, the following test fails, are you saying that "id is çawa yî%3F" is the expected result?
- id is çawa yî?
+ id is çawa yî%3F
This can be fixed by reverting 7192497. If we do that, the following test will fail. (double decoded)
- posts of %25
+ posts of %
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be fixed by reverting 7192497.
Correct.
If we do that, the following test will fail. (double decoded)
Ah, I see now, thanks for explaining! Well, in that case we need to .replaceAll('%25', '%2525')
prior to calling decodeURIComponent
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@szmarczak Thank you!
Unfortunately,
decodeURI('%2F') === decodeURI('%252F')
And cannot in principle be reverted with replaceAll()
, since the original information is lost when the decodeURI()
is applied.
For my part, I think that "using decodeURI() on a requested URL" is impossible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about doing .replaceAll('%25', '%2525')
before calling decodeURI
? This means that in order to catch %
people will need to use %25
in the path string, e.g. /foo%25bar
(not: /foo%bar
), but for all other percent-encoded characters it should decode as expected (meaning /foo/bar/ąę
should work as expected; also the params should use decodeURIComponent
- double decoding should be prevented with the mentioned replaceAll
happening just before decodeURI
).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I see, that is true. That's great! I think it will be the spec you want.
I'm not going to include this change in this PR, since this PR has the same result as Django, but I'll make a separate PR for this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
#2672
The author should do the following, if applicable
bun denoify
to generate files for Denobun run format:fix && bun run lint:fix
to format the code