File Picker card does not handle quotes in file name #385

Closed
ejzn opened this Issue Nov 21, 2012 · 12 comments

3 participants

@ejzn

Currently the File Picker card invoked using webworks properly returns the path, but when we trigger and event on the client side to return the path the javascript errors out since the encoded data is invalid.

It appears that encodeURIComponent is not properly escaping the quote character.

Try this in the console:

  • encodeURIComponent(JSON.stringify("hello ' hello")); -> "%22hello%20'%20hello%22"

In node it returns:

  • encodeURIComponent(JSON.stringify("hello ' hello")); - > '%22hello%20\'%20hello%22'

Tracked by PR: 248822

@ejzn

The PR has been closed as invalid. So now we must make sure we encode all quotes coming from the file picker, or wrap the encodeURIComponent function and do it ourselves.

@nukulb
@ejzn

How also where what?

Pr was closed against webkit. The call happens in Web works, only an issue because of the api bridge

@ejzn

Its an execute java script that needs to check the returned file path before calling execute Js on the client.

@nukulb

But the trigger function in the eventing framework from controller to client has this code-

   trigger: function (name) {
        //Change arguments into a real array instead of a fake one
        var args = Array.prototype.slice.call(arguments);
        //Send all the arguments as JSON
        _webview.executeJavascript("webworks.event.trigger('" + name + "', '" + encodeURIComponent(JSON.stringify(args.slice(1))) + "')");
    },  

Then why is this happening?

@nukulb

I understand, you are saying encodeURIComponent doesn't cover us for '
I see
I don't know how we can fix this though

@ejzn

There are a couple ways. We have to to fix it since it throws a Js error.

@nukulb
@nukulb

I can do this in chrome

encodeURIComponent(JSON.stringify("hello ' hello"));
"%22hello%20'%20hello%22"
encodeURIComponent(JSON.stringify(escape("hello ' hello")));
"%22hello%2520%2527%2520hello%22"
decodeURIComponent(unescape("%22hello%2520%2527%2520hello%22"))
""hello ' hello""
@ejzn

That looks like a good fix to me.

@nukulb

alright we will target R9E

@jeffheifetz

Fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment