Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: properly encode url with unicode characters #1291

Merged
merged 2 commits into from Sep 20, 2021
Merged

fix: properly encode url with unicode characters #1291

merged 2 commits into from Sep 20, 2021

Conversation

LinusU
Copy link
Member

@LinusU LinusU commented Sep 14, 2021

What is the purpose of this pull request?

  • Documentation update
  • Bug fix
  • New feature
  • Other, please explain:

What changes did you make? (provide an overview)

I've added a call to encodeURI before parsing a passed in string as an url

Which issue (if any) does this pull request address?

#1290

Is there anything you'd like reviewers to know?

This is basically a backport of #701, but keeps the old code path for arbitrary URLs on the Request object which was supported in 2.x

@LinusU
Copy link
Member Author

@LinusU LinusU commented Sep 14, 2021

The build canceled.

Hmmm 🤔 no idea why that happened...

src/request.js Outdated Show resolved Hide resolved
@LinusU LinusU marked this pull request as draft Sep 14, 2021
@LinusU LinusU force-pushed the issue-1290 branch 2 times, most recently from e80c3f7 to cd81de3 Compare Sep 14, 2021
@LinusU LinusU marked this pull request as ready for review Sep 14, 2021
Copy link
Collaborator

@jimmywarting jimmywarting left a comment

can just as well take the opportunity to bump pkg.version and update the changelog as well?

@LinusU
Copy link
Member Author

@LinusU LinusU commented Sep 20, 2021

@jimmywarting pushed a commit for that 👍

@LinusU LinusU merged commit ace7536 into 2.x Sep 20, 2021
@LinusU LinusU deleted the issue-1290 branch Sep 20, 2021
@LinusU
Copy link
Member Author

@LinusU LinusU commented Sep 20, 2021

@jimmywarting I don't have permission to publish to npm, would you be able to?

I have pushed a v2.6.3 tag

@jimmywarting
Copy link
Collaborator

@jimmywarting jimmywarting commented Sep 20, 2021

Yes i have permission

@jimmywarting
Copy link
Collaborator

@jimmywarting jimmywarting commented Sep 20, 2021

Released 2.6.3 to npm and github release.
Should do a release for v3.x also

@dmichon-msft
Copy link

@dmichon-msft dmichon-msft commented Sep 21, 2021

This PR caused a breaking change to the encoding behavior of URLs that breaks, for example, the proper formatting of SAS tokens in URLs in @azure/core-http.

@LinusU
Copy link
Member Author

@LinusU LinusU commented Sep 27, 2021

@dmichon-msft sorry, I missed your comment here. As you are probably already aware this was fixed in 2.6.4, and we've added a test for it so that it won't happen again ☺️

@@ -36,6 +36,9 @@
"url": "https://github.com/bitinn/node-fetch/issues"
},
"homepage": "https://github.com/bitinn/node-fetch",
"dependencies": {
"whatwg-url": "^5.0.0"

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this version?
actual is 9.1.0

this breaks our code because we have dependency on whatwg-url v.6.5.0 already

Copy link
Member Author

@LinusU LinusU Sep 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why this version?
actual is 9.1.0

This is the latest version that supports Node.js 4.x

this breaks our code because we have dependency on whatwg-url v.6.5.0 already

In which way does your app break? 🤔

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also breaks my app : for security reasons, we use the --throw-deprecation and --pending-deprecation node flags, and whatwg-url appears to use Buffer() : I get

DeprecationWarningcode: DEP0005 DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
    at showFlaggedDeprecation (buffer.js:194:11)
    at new Buffer (buffer.js:278:3)
    at utf8PercentDecode (/project/node_modules/whatwg-url/lib/url-state-machine.js:105:17)
    at parseHost (/project/node_modules/whatwg-url/lib/url-state-machine.js:400:18)
    at URLStateMachine.parseHostName (/project/node_modules/whatwg-url/lib/url-state-machine.js:851:18)
    at new URLStateMachine (/project/node_modules/whatwg-url/lib/url-state-machine.js:562:44)
    at Object.module.exports.basicURLParse (/project/node_modules/whatwg-url/lib/url-state-machine.js:1258:15)
    at new URLImpl (/project/node_modules/whatwg-url/lib/URL-impl.js:17:27)
    at Object.setup (/project/node_modules/whatwg-url/lib/URL.js:187:17)
    at new URL (/project/node_modules/whatwg-url/lib/URL.js:25:18)

Copy link
Member Author

@LinusU LinusU Oct 14, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've asked upstream if we can create a 5.0.1 version of whatwg-url that avoids the deprecation warning here: jsdom/whatwg-url#216

But apart from that I'm not really sure how to handle using deprecated APIs 🤔 I don't think that I would consider it a breaking chance, but I'm not sure...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

6 participants