File Picker card does not handle quotes in file name #385

ejzn opened this Issue Nov 21, 2012 · 12 comments

3 participants


Currently the File Picker card invoked using webworks properly returns the path, but when we trigger and event on the client side to return the path the javascript errors out since the encoded data is invalid.

It appears that encodeURIComponent is not properly escaping the quote character.

Try this in the console:

  • encodeURIComponent(JSON.stringify("hello ' hello")); -> "%22hello%20'%20hello%22"

In node it returns:

  • encodeURIComponent(JSON.stringify("hello ' hello")); - > '%22hello%20\'%20hello%22'

Tracked by PR: 248822


The PR has been closed as invalid. So now we must make sure we encode all quotes coming from the file picker, or wrap the encodeURIComponent function and do it ourselves.


How also where what?

Pr was closed against webkit. The call happens in Web works, only an issue because of the api bridge


Its an execute java script that needs to check the returned file path before calling execute Js on the client.


But the trigger function in the eventing framework from controller to client has this code-

   trigger: function (name) {
        //Change arguments into a real array instead of a fake one
        var args =;
        //Send all the arguments as JSON
        _webview.executeJavascript("webworks.event.trigger('" + name + "', '" + encodeURIComponent(JSON.stringify(args.slice(1))) + "')");

Then why is this happening?


I understand, you are saying encodeURIComponent doesn't cover us for '
I see
I don't know how we can fix this though


There are a couple ways. We have to to fix it since it throws a Js error.


I can do this in chrome

encodeURIComponent(JSON.stringify("hello ' hello"));
encodeURIComponent(JSON.stringify(escape("hello ' hello")));
""hello ' hello""

That looks like a good fix to me.


alright we will target R9E



Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment