Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP


File Picker card does not handle quotes in file name #385

ejzn opened this Issue · 12 comments

3 participants

Erik Johnson Nukul Bhasin Jeffrey Heifetz
Erik Johnson

Currently the File Picker card invoked using webworks properly returns the path, but when we trigger and event on the client side to return the path the javascript errors out since the encoded data is invalid.

It appears that encodeURIComponent is not properly escaping the quote character.

Try this in the console:

  • encodeURIComponent(JSON.stringify("hello ' hello")); -> "%22hello%20'%20hello%22"

In node it returns:

  • encodeURIComponent(JSON.stringify("hello ' hello")); - > '%22hello%20\'%20hello%22'

Tracked by PR: 248822

Erik Johnson

The PR has been closed as invalid. So now we must make sure we encode all quotes coming from the file picker, or wrap the encodeURIComponent function and do it ourselves.

Nukul Bhasin
Erik Johnson

How also where what?

Pr was closed against webkit. The call happens in Web works, only an issue because of the api bridge

Erik Johnson

Its an execute java script that needs to check the returned file path before calling execute Js on the client.

Nukul Bhasin

But the trigger function in the eventing framework from controller to client has this code-

   trigger: function (name) {
        //Change arguments into a real array instead of a fake one
        var args =;
        //Send all the arguments as JSON
        _webview.executeJavascript("webworks.event.trigger('" + name + "', '" + encodeURIComponent(JSON.stringify(args.slice(1))) + "')");

Then why is this happening?

Nukul Bhasin

I understand, you are saying encodeURIComponent doesn't cover us for '
I see
I don't know how we can fix this though

Erik Johnson

There are a couple ways. We have to to fix it since it throws a Js error.

Nukul Bhasin
Nukul Bhasin

I can do this in chrome

encodeURIComponent(JSON.stringify("hello ' hello"));
encodeURIComponent(JSON.stringify(escape("hello ' hello")));
""hello ' hello""
Erik Johnson

That looks like a good fix to me.

Nukul Bhasin

alright we will target R9E

Jeffrey Heifetz


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.