fix: URL-encode pad names in admin 'Open' button and recent pads (#7865)#7895
Open
JohnMcLear wants to merge 1 commit into
Open
fix: URL-encode pad names in admin 'Open' button and recent pads (#7865)#7895JohnMcLear wants to merge 1 commit into
JohnMcLear wants to merge 1 commit into
Conversation
- encodeURIComponent in admin PadPage 'Open' button href - decodeURIComponent when reading pad name from URL pathname in pad_userlist.ts and colibris/pad.js (recent pads storage) - encodeURIComponent in colibris/index.js recent pads href; display text uses stored name directly (no double-decode) - add recent_pads spec asserting encoded URLs - add share dialog spec asserting URL encoding of special chars
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
Review Summary by QodoFix URL encoding of pad names in admin and recent pads
WalkthroughsDescription• URL-encode pad names in admin dashboard "Open" button • Decode pad names from URL pathname for recent pads • Encode pad names in recent pads links and localStorage • Add tests for URL encoding of special characters Diagramflowchart LR
A["Pad Name with Special Chars"] -->|encodeURIComponent| B["Admin Open Button"]
A -->|encodeURIComponent| C["Recent Pads Link"]
D["URL Pathname"] -->|decodeURIComponent| E["Pad Name for Matching"]
E --> F["localStorage Storage"]
G["Share Dialog"] -->|encodeURIComponent| H["Share Link"]
File Changes1. admin/src/pages/PadPage.tsx
|
Code Review by Qodo
Context used 1. Recent pads double-encoding
|
![qodo-free-for-open-source-projects[bot]](https://avatars.githubusercontent.com/in/1068000?s=60&v=4){kind=small}
|
|
||
| li.className = 'recent-pad'; | ||
| const padPath = `${window.location.href}p/${pad.name}`; | ||
| const padPath = `${window.location.href}p/${encodeURIComponent(pad.name)}`; |
There was a problem hiding this comment.
1. Recent pads double-encoding 🐞 Bug ≡ Correctness
colibris recent pad links now apply encodeURIComponent(pad.name) to values loaded from recentPads, so pre-existing entries that already contain percent-escapes (e.g. Test%2F123) will become double-encoded (%252F) and open the wrong pad. This is triggered by the storage format changing to decoded names in colibris/pad.js without migrating older stored values.
Agent Prompt
## Issue description
`recentPads` entries from older versions can already be URL-encoded. The new code encodes `pad.name` again when building the href, producing double-encoded URLs and broken navigation.
## Issue Context
- `colibris/pad.js` now stores a decoded pad name.
- `colibris/index.js` encodes whatever is stored in localStorage when generating recent pad URLs.
- Existing localStorage data is not migrated/normalized.
## Fix
When reading `recentPads` from localStorage in `colibris/index.js`, normalize each entry’s name to a decoded form using a safe decode (try/catch). Then:
- Use the normalized (decoded) name for `link.innerText`.
- Use `encodeURIComponent(normalizedName)` for the href.
- Optionally rewrite localStorage once with normalized names so the fix is persistent and deduping works consistently.
## Fix Focus Areas
- src/static/skins/colibris/index.js[34-79]
- src/static/skins/colibris/pad.js[10-34]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes #7865 — Admin Dashboard "Open" button does not URL-encode slashes in pad names, causing broken navigation for pads like
Test/123.Changes
admin/src/pages/PadPage.tsx— AddedencodeURIComponent()aroundpad.padNamein the "Open" button URL. No formatting changes.src/static/js/pad_userlist.ts— AddeddecodeURIComponent()when reading pad name from URL pathname for recent pads member-count matching.src/static/skins/colibris/pad.js— AddeddecodeURIComponent()when reading pad name from URL pathname before storing in localStorage.src/static/skins/colibris/index.js— AddedencodeURIComponent()in the recent pads href. Display text (link.innerText) usespad.namedirectly — no double-decode (avoidsURIErroron names containing literal%).Tests
src/tests/frontend-new/specs/recent_pads.spec.ts(new) — Verifies recent pads links have properly encoded URLs while showing the decoded name.src/tests/frontend-new/specs/embed_value.spec.ts— Added share dialog test asserting special characters (e.g.%2F) are preserved in the share link.Notes
No formatting/whitespace changes anywhere. No unrelated files touched.