Profile IDs are arbitrary strings, but they are used directly without sanitization when building URLs to view a profile's details.
Example from `apps/start/src/components/profiles/table/columns.tsx`:

```tsx
<ProjectLink
  href={`/profiles/${profile.id}`}
  className="flex items-center gap-2 font-medium"
  title={getProfileName(profile, false)}
>
```

When a profile ID has non-URL-safe characters, this breaks the link by generating a URL like `/profiles/xyz/123` for the ID `xyz/123`.
Obviously a simple answer is "use better ids" 😆 but I'm dealing with some legacy data we need to maintain.
This likely extends to other areas of the UI where links and queries are generated using unsafe user-provided content.
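An added example, not part of the original issue or the project's code: it compares the raw interpolation from `columns.tsx` with a version that encodes the ID as a single path segment, and shows which ID a `/profiles/:id` route would receive in each case. The helper names and sample IDs are hypothetical, and the stand-in router assumes each path segment is decoded once with `decodeURIComponent`.

```typescript
// Added example; every function name below is hypothetical, not the project's API.

// Unsafe: mirrors the interpolation quoted from columns.tsx.
function unsafeProfileHref(id: string): string {
  return `/profiles/${id}`;
}

// Safe: encode the ID so it always occupies exactly one path segment.
function profileHref(id: string): string {
  // "." and ".." are dot segments. URL parsers collapse them even when they
  // are written as %2E, so they cannot be carried in a path segment at all.
  if (id === "" || id === "." || id === "..") {
    throw new RangeError(`profile id ${JSON.stringify(id)} cannot be a path segment`);
  }
  return `/profiles/${encodeURIComponent(id)}`;
}

// Stand-in for a router matching /profiles/:id (assumption: it drops the
// query and fragment, splits on "/", and decodes each segment once).
function routedProfileId(href: string): string | null {
  try {
    const path = href.split(/[?#]/, 1)[0] ?? "";
    const segments = path
      .split("/")
      .filter((s) => s.length > 0)
      .map((s) => decodeURIComponent(s));
    return segments.length === 2 && segments[0] === "profiles" ? segments[1] : null;
  } catch {
    return null; // malformed percent sequence, e.g. a literal "%" in the ID
  }
}

// Constructed sample IDs of the kind legacy data may contain.
const sampleIds = ["xyz/123", "a?b=c", "tag#1", "50% off"];

// For each ID, report what the route receives from the unsafe and safe links.
function compare(ids: string[]) {
  return ids.map((id) => ({
    id,
    unsafe: routedProfileId(unsafeProfileHref(id)),
    safe: routedProfileId(profileHref(id)),
  }));
}

console.log(compare(sampleIds));
```

The same encoding applies to any other link or query string built from user-provided identifiers; IDs equal to `.` or `..` need a different transport, such as a query parameter.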