fix: only encode when needed

Author: posva

playground/typed-router.d.ts

@@ -186,7 +186,7 @@ declare module 'vue-router/auto-routes' {
     >,
     '/emoji-🤡': RouteRecordInfo<
       '/emoji-🤡',
-      '/emoji-🤡',
+      '/emoji-%F0%9F%A4%A1',
       Record<never, never>,
       Record<never, never>,
       | never

src/codegen/__snapshots__/generateRouteRecords.spec.ts.snap

@@ -61,6 +61,49 @@ exports[`generateRouteRecord > correctly names index files 1`] = `
 ]"
 `;
 
+exports[`generateRouteRecord > does not encode RFC 3986 valid path characters 1`] = `
+"[
+  {
+    path: '/@profile',
+    name: '/@profile',
+    component: () => import('@profile.vue'),
+    /* no children */
+  },
+  {
+    path: '/foo*bar',
+    name: '/foo*bar',
+    component: () => import('foo*bar.vue'),
+    /* no children */
+  },
+  {
+    path: '/hello!',
+    name: '/hello!',
+    component: () => import('hello!.vue'),
+    /* no children */
+  },
+  {
+    path: '/it's-fine',
+    name: '/it's-fine',
+    component: () => import('it's-fine.vue'),
+    /* no children */
+  },
+  {
+    path: '/item(1)',
+    name: '/item(1)',
+    component: () => import('item(1).vue'),
+    /* no children */
+  },
+  {
+    path: '/user',
+    name: '/user',
+    components: {
+      'domain': () => import('user@domain.vue')
+    },
+    /* no children */
+  }
+]"
+`;
+
 exports[`generateRouteRecord > encodes special characters in path segments 1`] = `
 "[
   {

src/codegen/__snapshots__/generateRouteResolver.spec.ts.snap

@@ -1,5 +1,66 @@
 // Vitest Snapshot v1, https://vitest.dev/guide/snapshot.html
 
+exports[`generateRouteResolver > does not encode RFC 3986 valid path characters 1`] = `
+"
+const __route_0 = normalizeRouteRecord({
+  name: '/@profile',
+  path: new MatcherPatternPathStatic('/@profile'),
+  components: {
+    'default': () => import('@profile.vue')
+  },
+})
+
+const __route_1 = normalizeRouteRecord({
+  name: '/foo*bar',
+  path: new MatcherPatternPathStatic('/foo*bar'),
+  components: {
+    'default': () => import('foo*bar.vue')
+  },
+})
+
+const __route_2 = normalizeRouteRecord({
+  name: '/hello!',
+  path: new MatcherPatternPathStatic('/hello!'),
+  components: {
+    'default': () => import('hello!.vue')
+  },
+})
+
+const __route_3 = normalizeRouteRecord({
+  name: '/it's-fine',
+  path: new MatcherPatternPathStatic('/it's-fine'),
+  components: {
+    'default': () => import('it's-fine.vue')
+  },
+})
+
+const __route_4 = normalizeRouteRecord({
+  name: '/item(1)',
+  path: new MatcherPatternPathStatic('/item(1)'),
+  components: {
+    'default': () => import('item(1).vue')
+  },
+})
+
+const __route_5 = normalizeRouteRecord({
+  name: '/user',
+  path: new MatcherPatternPathStatic('/user'),
+  components: {
+    'domain': () => import('user@domain.vue')
+  },
+})
+
+export const resolver = createFixedResolver([
+  __route_0,  // /@profile
+  __route_1,  // /foo*bar
+  __route_2,  // /hello!
+  __route_3,  // /it's-fine
+  __route_4,  // /item(1)
+  __route_5,  // /user
+])
+"
+`;
+
 exports[`generateRouteResolver > encodes special characters in route resolver paths 1`] = `
 "
 const __route_0 = normalizeRouteRecord({

src/codegen/generateRouteRecords.spec.ts

@@ -113,6 +113,22 @@ describe('generateRouteRecord', () => {
     expect(generateRouteRecordSimple(tree)).toMatchSnapshot()
   })
 
+  it('does not encode RFC 3986 valid path characters', () => {
+    const tree = new PrefixTree(DEFAULT_OPTIONS)
+
+    // @ character (common in profile/user routes)
+    tree.insert('@profile', '@profile.vue')
+    tree.insert('user@domain', 'user@domain.vue')
+
+    // Other valid sub-delimiters
+    tree.insert('hello!', 'hello!.vue')
+    tree.insert("it's-fine", "it's-fine.vue")
+    tree.insert('item(1)', 'item(1).vue')
+    tree.insert('foo*bar', 'foo*bar.vue')
+
+    expect(generateRouteRecordSimple(tree)).toMatchSnapshot()
+  })
+
   it('generate static imports', () => {
     const options = resolveOptions({
       ...DEFAULT_OPTIONS,

src/codegen/generateRouteResolver.spec.ts

@@ -920,4 +920,27 @@ describe('generateRouteResolver', () => {
 
     expect(resolver).toMatchSnapshot()
   })
+
+  it('does not encode RFC 3986 valid path characters', () => {
+    const tree = new PrefixTree(DEFAULT_OPTIONS)
+
+    // @ character (common in profile/user routes)
+    tree.insert('@profile', '@profile.vue')
+    tree.insert('user@domain', 'user@domain.vue')
+
+    // Other valid sub-delimiters
+    tree.insert('hello!', 'hello!.vue')
+    tree.insert("it's-fine", "it's-fine.vue")
+    tree.insert('item(1)', 'item(1).vue')
+    tree.insert('foo*bar', 'foo*bar.vue')
+
+    const resolver = generateRouteResolver(
+      tree,
+      DEFAULT_OPTIONS,
+      new ImportsMap(),
+      new Map()
+    )
+
+    expect(resolver).toMatchSnapshot()
+  })
 })

src/core/treeNodeValue.ts

@@ -4,6 +4,7 @@ import {
   CustomRouteBlockQueryParamOptions,
 } from './customBlock'
 import { joinPath, mergeRouteRecordOverride, warn } from './utils'
+import { encodePath } from '../utils/encoding'
 
 export const enum TreeNodeType {
   static,
@@ -606,7 +607,7 @@ function parseFileSegment(
       // Encode static segments for URL safety, but preserve slashes from dotNesting
       const encodedBuffer = buffer
         .split('/')
-        .map((part) => encodeURIComponent(part))
+        .map((part) => encodePath(part))
         .join('/')
       pathSegment += encodedBuffer
       subSegments.push(encodedBuffer)

src/utils/encoding.ts

@@ -0,0 +1,159 @@
+import { warn } from '../core/utils'
+
+/**
+ * Encoding Rules (␣ = Space)
+ * - Path: ␣ " < > # ? { }
+ * - Query: ␣ " < > # & =
+ * - Hash: ␣ " < > `
+ *
+ * On top of that, the RFC3986 (https://tools.ietf.org/html/rfc3986#section-2.2)
+ * defines some extra characters to be encoded. Most browsers do not encode them
+ * in encodeURI https://github.com/whatwg/url/issues/369, so it may be safer to
+ * also encode `!'()*`. Leaving un-encoded only ASCII alphanumeric(`a-zA-Z0-9`)
+ * plus `-._~`. This extra safety should be applied to query by patching the
+ * string returned by encodeURIComponent encodeURI also encodes `[\]^`. `\`
+ * should be encoded to avoid ambiguity. Browsers (IE, FF, C) transform a `\`
+ * into a `/` if directly typed in. The _backtick_ (`````) should also be
+ * encoded everywhere because some browsers like FF encode it when directly
+ * written while others don't. Safari and IE don't encode ``"<>{}``` in hash.
+ */
+// const EXTRA_RESERVED_RE = /[!'()*]/g
+// const encodeReservedReplacer = (c: string) => '%' + c.charCodeAt(0).toString(16)
+
+const HASH_RE = /#/g // %23
+const AMPERSAND_RE = /&/g // %26
+export const SLASH_RE = /\//g // %2F
+const EQUAL_RE = /=/g // %3D
+const IM_RE = /\?/g // %3F
+export const PLUS_RE = /\+/g // %2B
+/**
+ * NOTE: It's not clear to me if we should encode the + symbol in queries, it
+ * seems to be less flexible than not doing so and I can't find out the legacy
+ * systems requiring this for regular requests like text/html. In the standard,
+ * the encoding of the plus character is only mentioned for
+ * application/x-www-form-urlencoded
+ * (https://url.spec.whatwg.org/#urlencoded-parsing) and most browsers seems lo
+ * leave the plus character as is in queries. To be more flexible, we allow the
+ * plus character on the query, but it can also be manually encoded by the user.
+ *
+ * Resources:
+ * - https://url.spec.whatwg.org/#urlencoded-parsing
+ * - https://stackoverflow.com/questions/1634271/url-encoding-the-space-character-or-20
+ */
+
+const ENC_BRACKET_OPEN_RE = /%5B/g // [
+const ENC_BRACKET_CLOSE_RE = /%5D/g // ]
+const ENC_CARET_RE = /%5E/g // ^
+const ENC_BACKTICK_RE = /%60/g // `
+const ENC_CURLY_OPEN_RE = /%7B/g // {
+const ENC_PIPE_RE = /%7C/g // |
+const ENC_CURLY_CLOSE_RE = /%7D/g // }
+const ENC_SPACE_RE = /%20/g // }
+
+/**
+ * Encode characters that need to be encoded on the path, search and hash
+ * sections of the URL.
+ *
+ * @internal
+ * @param text - string to encode
+ * @returns encoded string
+ */
+export function commonEncode(text: string | number | null | undefined): string {
+  return text == null
+    ? ''
+    : encodeURI('' + text)
+        .replace(ENC_PIPE_RE, '|')
+        .replace(ENC_BRACKET_OPEN_RE, '[')
+        .replace(ENC_BRACKET_CLOSE_RE, ']')
+}
+
+/**
+ * Encode characters that need to be encoded on the hash section of the URL.
+ *
+ * @param text - string to encode
+ * @returns encoded string
+ */
+export function encodeHash(text: string): string {
+  return commonEncode(text)
+    .replace(ENC_CURLY_OPEN_RE, '{')
+    .replace(ENC_CURLY_CLOSE_RE, '}')
+    .replace(ENC_CARET_RE, '^')
+}
+
+/**
+ * Encode characters that need to be encoded query values on the query
+ * section of the URL.
+ *
+ * @param text - string to encode
+ * @returns encoded string
+ */
+export function encodeQueryValue(text: string | number): string {
+  return (
+    commonEncode(text)
+      // Encode the space as +, encode the + to differentiate it from the space
+      .replace(PLUS_RE, '%2B')
+      .replace(ENC_SPACE_RE, '+')
+      .replace(HASH_RE, '%23')
+      .replace(AMPERSAND_RE, '%26')
+      .replace(ENC_BACKTICK_RE, '`')
+      .replace(ENC_CURLY_OPEN_RE, '{')
+      .replace(ENC_CURLY_CLOSE_RE, '}')
+      .replace(ENC_CARET_RE, '^')
+  )
+}
+
+/**
+ * Like `encodeQueryValue` but also encodes the `=` character.
+ *
+ * @param text - string to encode
+ */
+export function encodeQueryKey(text: string | number): string {
+  return encodeQueryValue(text).replace(EQUAL_RE, '%3D')
+}
+
+/**
+ * Encode characters that need to be encoded on the path section of the URL.
+ *
+ * @param text - string to encode
+ * @returns encoded string
+ */
+export function encodePath(text: string | number | null | undefined): string {
+  return commonEncode(text).replace(HASH_RE, '%23').replace(IM_RE, '%3F')
+}
+
+/**
+ * Encode characters that need to be encoded on the path section of the URL as a
+ * param. This function encodes everything {@link encodePath} does plus the
+ * slash (`/`) character. If `text` is `null` or `undefined`, returns an empty
+ * string instead.
+ *
+ * @param text - string to encode
+ * @returns encoded string
+ */
+export function encodeParam(text: string | number | null | undefined): string {
+  return encodePath(text).replace(SLASH_RE, '%2F')
+}
+
+/**
+ * Decode text using `decodeURIComponent`. Returns the original text if it
+ * fails.
+ *
+ * @param text - string to decode
+ * @returns decoded string
+ */
+export function decode(text: string | number): string
+export function decode(text: null | undefined): null
+export function decode(text: string | number | null | undefined): string | null
+export function decode(
+  text: string | number | null | undefined
+): string | null {
+  if (text == null) return null
+  try {
+    return decodeURIComponent('' + text)
+  } catch (err) {
+    if (process.env.NODE_ENV !== 'production') {
+      warn(`Error decoding "${text}". Using original value`)
+    }
+  }
+  return '' + text
+}