Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL encode时对参数中+号的encode结果不正确,预期是%2B,实际将+号作为URI中的空格编码为%20 #226

Closed
walbx opened this issue Jul 12, 2018 · 1 comment
Closed

URL encode时对参数中+号的encode结果不正确,预期是%2B,实际将+号作为URI中的空格编码为%20 #226

walbx opened this issue Jul 12, 2018 · 1 comment
Labels
Bug Issues we’re aware of, regardless of where users have reported them (Forums, Twitter, etc.) Fixed The team has submitted code they believe will fix the issue. Hotlist-ConOps Private Hotlist Hotlist-DevOps Private Hotlist P1 Priority 1 (Required for the targeted milestone. Reserved for high user impact / quality)
Milestone
0.14

Comments

@walbx
Copy link

walbx commented Jul 12, 2018
edited
Loading

  • 现象: 平台在Generate request options阶段对url做默认encode时,query string参数值中的+号被识别为URI的空格,得到的编码是空格的编码%20,而不是期望的%2B
  • 问题: 如下常见场景中可能引发问题:当接口签名算法涉及Base64编码,或者在搜索接口中搜索字符串中存在+号时,将会导致签名错误或者查询结果与预期不一致的情况。
  • case: 一个POST接口,content-type选择x-www-form-urlencoded,接口中
    sign=z9+Lc7Ed9JZQSRBpNYlEfIm0BrM=这组queryString参数,hitchhiker日志里面看转码出来是sign=z9%20Lc7Ed9JZQSRBpNYlEfIm0BrM%3D,预期是sign=z9%2BLc7Ed9JZQSRBpNYlEfIm0BrM%3D
  • 我的临时解决办法: 将包含+号的参数组放在body中以form形式提交。但如果其他用户的被测服务对于入参有严格要求的情况,这个临时办法无法解决
  • 其他: 考虑使用encodeURIComponent()对query string部分的参数进行编码;
@brookshi
Copy link
Owner

嗯,重现了,已经做了encodeURIComponent(),但是之前的URL.parse有问题

@brookshi brookshi added Bug Issues we’re aware of, regardless of where users have reported them (Forums, Twitter, etc.) Hotlist-ConOps Private Hotlist Hotlist-DevOps Private Hotlist Available Confirmed and triaged, but not assigned. P1 Priority 1 (Required for the targeted milestone. Reserved for high user impact / quality) labels Jul 12, 2018
@brookshi brookshi added this to the 0.14 milestone Jul 12, 2018
@brookshi brookshi added Fixed The team has submitted code they believe will fix the issue. and removed Available Confirmed and triaged, but not assigned. labels Jul 22, 2018
brookshi added a commit that referenced this issue Jul 22, 2018
@brookshi
#226 rewrite URL.parse to avoid encoding '+' to ' '
352e781
@mikuazusa mikuazusa mentioned this issue Aug 17, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Issues we’re aware of, regardless of where users have reported them (Forums, Twitter, etc.) Fixed The team has submitted code they believe will fix the issue. Hotlist-ConOps Private Hotlist Hotlist-DevOps Private Hotlist P1 Priority 1 (Required for the targeted milestone. Reserved for high user impact / quality)
Projects
None yet
Milestone
0.14
Development

No branches or pull requests
2 participants
@walbx @brookshi