New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
falcon.uri.encode_value does not encode the percent character #1872
Comments
Found this when trying to fix #1871... |
I'd be interested in taking this. |
That's awesome @MinesJA ! |
Will try to be quick then! |
So I think I found the cause of the bug, but had some questions on the functionality we're looking for. In this snippet, we check to see if a string has already been encoded, so if we encounter a string like 'abc%26def' we assume the '%26' was a result of the string already being encoded:
But it looks like 'quote' doesn't do that. I did notice this comment and was wondering why it was that we think there's a good chance the string has already been escaped by this point?
|
Heh, we need to check with @kgriffs then. However, personally, I think this is a bug regardless of the good intentions mentioned above. Not encoding already escaped characters could then mangle that URI in the same way as, for instance, @kgriffs thoughts? |
Here is the original issue: #68 Admittedly my original attempt at solution was implemented at the wrong layer; That being said, we should probably minimize breaking changes by retaining the current behavior for these Response properties/methods:
|
Ok cool, do you think the best way to handle this would be to split the method to retain current behavior for those properties/methods but expose general encode / encode_value methods that don't perform that check? I can submit a pr that demonstrates that if it's easier to continue the discussion on an actual proposal. |
@MinesJA Alternatively, we could probably add a new parameter to these methods controlling this behaviour (to detect and ignore existing escapes). The above mentioned properties could then use the new parameter to retain the backwards compatible behaviour. |
Ahh, that's much simpler. Ok, let me try to put something together for review. |
Change encode to escape percent by default even if percent appears to have already been escaped. Add check_is_escaped flag to allow for option to retain previous behavior of ignoring strings that appeared escaped. Use check_is_escaped=True behavior where encode and encode_value are used in response. closes falconry#1872
Split tests into already existing encode and encode_value tests. Revert accidental formatting changes. Fix comments. Tweak doc changelog. closes falconry#1872
Fix trailing white spaces. Makes cosmetic changes. closes falconry#1872
add additional check_is_escaped to expand code coverage closes: falconry#1872
revert unnecssary tox.ini change part of fix closing falconry#1872
create two new encode methods for encode and encode value that also check for escapes closes falconry#1872
update docs to reflect 2 added encode methods, encode_check_escaped and encode_value. edit method names and doc strings closes falconry#1872
update bugfix message to explain change. remove unnecessary comment. closes falconry#1872
add imports to falcon uri to satisfy doc test closes falconry#1872
falcon.uri.encode_value
says:However, it seems that the percent character itself is not encoded...
Cf
The text was updated successfully, but these errors were encountered: