Skip to content
This repository has been archived by the owner on Apr 12, 2024. It is now read-only.

fix($location): add semicolon to whitelist of delimiters to unencode #8377

Closed
wants to merge 1 commit into from
Closed

fix($location): add semicolon to whitelist of delimiters to unencode #8377

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
1 change: 1 addition & 0 deletions src/Angular.js
View file
Open in desktop
Expand Up @@ -1176,6 +1176,7 @@ function encodeUriQuery(val, pctEncodeSpaces) {
replace(/%3A/gi, ':').
replace(/%24/g, '$').
replace(/%2C/gi, ',').
replace(/%3B/gi, ';').
replace(/%20/g, (pctEncodeSpaces ? '%20' : '+'));
}

Expand Down
10 changes: 5 additions & 5 deletions test/AngularSpec.js
View file
Open in desktop
Expand Up @@ -668,16 +668,16 @@ describe('angular', function() {
toEqual('asdf1234asdf');

//don't encode unreserved'
expect(encodeUriSegment("-_.!~*'() -_.!~*'()")).
toEqual("-_.!~*'()%20-_.!~*'()");
expect(encodeUriSegment("-_.!~*'(); -_.!~*'();")).
toEqual("-_.!~*'();%20-_.!~*'();");

//don't encode the rest of pchar'
expect(encodeUriSegment(':@&=+$, :@&=+$,')).
toEqual(':@&=+$,%20:@&=+$,');

//encode '/', ';' and ' ''
//encode '/' and ' ''
expect(encodeUriSegment('/; /;')).
toEqual('%2F%3B%20%2F%3B');
toEqual('%2F;%20%2F;');
});
});

Expand All @@ -699,7 +699,7 @@ describe('angular', function() {

//encode '&', ';', '=', '+', and '#'
expect(encodeUriQuery('&;=+# &;=+#')).
toEqual('%26%3B%3D%2B%23+%26%3B%3D%2B%23');
toEqual('%26;%3D%2B%23+%26;%3D%2B%23');

//encode ' ' as '+'
expect(encodeUriQuery(' ')).
Expand Down
42 changes: 42 additions & 0 deletions test/ng/locationSpec.js
View file
Open in desktop
Expand Up @@ -62,6 +62,48 @@ describe('$location', function() {
});


it('should not infinitely digest when using a semicolon in initial path', function() {
module(function($windowProvider, $locationProvider, $browserProvider) {
$locationProvider.html5Mode(true);
$windowProvider.$get = function() {
var win = {};
angular.extend(win, window);
win.addEventListener = angular.noop;
win.removeEventListener = angular.noop;
win.history = {
replaceState: angular.noop,
pushState: angular.noop
};
win.location = {
href: 'http://localhost:9876/;jsessionid=foo',
replace: function(val) {
win.location.href = val;
}
};
return win;
};
$browserProvider.$get = function($document, $window) {
var sniffer = {history: true, hashchange: false};
var logs = {log:[], warn:[], info:[], error:[]};
var fakeLog = {log: function() { logs.log.push(slice.call(arguments)); },
warn: function() { logs.warn.push(slice.call(arguments)); },
info: function() { logs.info.push(slice.call(arguments)); },
error: function() { logs.error.push(slice.call(arguments)); }};

/* global Browser: false */
var b = new Browser($window, $document, fakeLog, sniffer);
b.pollFns = [];
return b;
};
});
var self = this;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so I'm not sure what we're using self for here, I'd remove that --- but with tests passing it looks good to me

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 - I suspect this line is left over from something else

inject(function($location, $browser, $rootScope) {
expect(function() {
$rootScope.$digest();
}).not.toThrow();
});
});

describe('NewUrl', function() {
beforeEach(function() {
url = new LocationHtml5Url('http://www.domain.com:9877/');
Expand Down