guarantee correct URLs

[jkowalleck]

caused by CycloneDX/cyclonedx-webpack-plugin#1239 (comment)

An issue exists, where (invalid) URLs like https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-camel-case] cause trouble.
characters [] are invalid characters to URL standards. they must be url encoded %5B%5D.

possible fix can be done in this library, on normalization time (not in the model).
would not be the first time to fix this ...
see https://github.com/search?q=repo%3ACycloneDX%2Fcyclonedx-php-library+%255B&type=code

---

similar to CycloneDX/cyclonedx-php-library#35

have all the XML strings that are anyURI somehow fixed before rendering the XML/JSON.
affected elements:

• component.purl
• license.url
• externalReterence.url
• and so on ...

according to XML spec the anyURI needs to conform to https://www.ietf.org/rfc/rfc2396.txt

 * @see http://www.w3.org/TR/xmlschema-2/#anyURI
 * @see http://www.datypic.com/sc/xsd/t-xsd_anyURI.html


    /* URIs require that some characters be escaped with their hexadecimal Unicode code point preceded by the %
     * character. This includes non-ASCII characters and some ASCII characters, namely control characters, spaces,
     * and the following characters (unless they are used as deliimiters in the URI): <>#%{}|\^`.
     * [...]
     * The only values that are not accepted are ones that make inappropriate use of reserved characters, such as ones that contain multiple # characters or have % characters that are not followed by two hexadecimal digits.
     * -- as of http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
     */

[jkowalleck]

@mLuca ,
do you want to give it a try and implement something that fixes those URLs?

url fixes SHOULD happen on (xml-/json-)normalization-time, not in the model.

see as inspiration: https://github.com/search?q=repo%3ACycloneDX%2Fcyclonedx-php-library+%255B&type=code

[mLuca]

@jkowalleck I can have a look today.

[mLuca]

@jkowalleck I had a look at the code base and grasped a bit of typescript on the way.
I have written a helper method to be used. At least it doesn't seem to do any harm. Before I go on to write tests and such it would be nice to have a review on this if the direction I am going is ok.

I am new to GitHub, OSS development and such. I don't see how I can create a bugfix-branch to push my changes to? Also I didn't find any styleguide on how to name branches (e.g. "bugfix/992-assert-correct-url" ?)

[jkowalleck]

Before I go on to write tests and such it would be nice to have a review on this if the direction I am going is ok.

sure thing. just open a pullrequest and i will have a look.

since you do not have write permission to this very repository, you would create a pullrequest from a fork: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork

Since you would create the branch in your fork, I don't mind the branch name.
Regarding contribution guidelines for this very project, read https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md