Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Link URL escaping breaks escaped URLs #1138

Open
peret opened this issue Dec 6, 2019 · 2 comments
Open

Link URL escaping breaks escaped URLs #1138

peret opened this issue Dec 6, 2019 · 2 comments

Comments

@peret
Copy link

peret commented Dec 6, 2019

I'm trying to generate a PDF containing a signed link. The signature strings contains characters that need to be URL encoded for use in the query parameters, e.g. "wJ7OAi7u3WSJtzEq0b+xaoEG9yY=". So my entire (encoded) link should be something like:
https://www.google.com?signature=wJ7OAi7u3WSJtzEq0b%2BxaoEG9yY%3D (non-sense link of course, just for illustration purposes).

Now, if I render this link using text with inline_format the resulting link will have the percent-characters in the already encoded string encoded again, resulting in this invalid link:
https://www.google.com?signature=wJ7OAi7u3WSJtzEq0b%252BxaoEG9yY%253D

However, if I pass the un-encoded URL, i.e. https://www.google.com?signature=wJ7OAi7u3WSJtzEq0b+xaoEG9yY=, no URL-escaping is happening at all, which also gives me a broken link, because the + is interpreted as a space.

Here's some sample code to reproduce the behaviour:

require 'cgi'
require 'prawn'

Prawn::Document.generate("url_escaped.pdf") do
  signature = CGI.escape("wJ7OAi7u3WSJtzEq0b+xaoEG9yY=")
  text("<u><color rgb=\"#78c8fa\">\
            <link href=\"https://www.google.com?signature=#{signature}\">Link</link>\
          </color></u>", inline_format: true)
end

Prawn::Document.generate("url_unescaped.pdf") do
  signature = "wJ7OAi7u3WSJtzEq0b+xaoEG9yY="
  text("<u><color rgb=\"#78c8fa\">\
            <link href=\"https://www.google.com?signature=#{signature}\">Link</link>\
          </color></u>", inline_format: true)
end

Why is the %-character seemingly escaped by prawn, but nothing else? Is this a legit bug or am I not using this method correctly?
@stellard
Copy link

@peret Hi did you ever discover the issue?

@gettalong
Copy link
Member

@stellard As far as I can determine from the code, Prawn does not do anything with the value of the "link" attribute with respect to escaping.

Looking at the generated PDF object for url_escaped.pdf results in:

<< /Border [0 0 0]
/A << /Type /Action
/S /URI
/URI (https://www.google.com?signature=wJ7OAi7u3WSJtzEq0b%2BxaoEG9yY%3D)
>>

So the escaped URL gets inserted. And when I open the PDF in Evince and click on the link I get directed to https://www.google.com/?signature=wJ7OAi7u3WSJtzEq0b%2BxaoEG9yY%3D.

Do you have a current example code that fails?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gettalong @stellard @peret