New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Escape anchor once in #url_for with Hash syntax #43293
base: main
Are you sure you want to change the base?
Conversation
04d5d9d
to
c8d6ea4
Compare
0839ea6
to
111b49b
Compare
@intrip I'm not quite sure what is the correct/expected behaviour here. "% ".to_param
=> "% "
["% "].to_param
=> "% "
{foo: "% "}.to_param
=> "foo=%25+" But the ActionDispatch::Journey::Router::Utils.escape_fragment("% ".to_param)
=> "%25%20"
ActionDispatch::Journey::Router::Utils.escape_fragment(["% "].to_param)
=> "%25%20"
ActionDispatch::Journey::Router::Utils.escape_fragment({foo: "% "}.to_param)
=> "foo=%2525+" I found the following Stackoverflow post that describes what should be used:
|
@p8 good point! I'll check and come back with more info. |
@p8 The stackoverflow post you linked makes sense. I've also checked URI RFC and Form spec which confirms that. I think the correct behaviour is to always use only I'll change the codebase accordingly and ping you again when done 🙂. Thanks! |
111b49b
to
82df220
Compare
82df220
to
057c063
Compare
# | ||
# This method is also aliased as +to_param+. | ||
def to_query(namespace = nil) | ||
def to_query(namespace = nil, escape: true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding the keyword argument breaks clients which relies on *args
delegation. I'm not sure how big of an impact this will be but the fix on the clients is quite simple.
# The string pairs "key=value" that conform the query string | ||
# are sorted lexicographically in ascending order. | ||
# | ||
# This method is also aliased as +to_param+. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is redundant because RDoc already shows such info: "Also aliased as: to_param"
4c19b9d
to
62d85d3
Compare
@p8 I've changed the implementation as outlined in #43293 (comment). |
62d85d3
to
45c2cc5
Compare
Thanks for working on this @intrip! |
45c2cc5
to
c1d3a65
Compare
c1d3a65
to
0059867
Compare
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
ping |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
pong |
Prior to this commit, `Hash#to_param` was an alias for `Hash#to_query`, which meant `Hash#to_param` CGI-escaped query string keys and values, like other `to_query` methods, but *unlike* other `to_param` methods. This caused double escaping in some cases, such as when passing a `Hash` as an `anchor` argument to `url_for`. This commit adds an internal-use-only optional `escape` block to `to_query` methods, and `Hash#to_param` now uses this block to bypass escaping, while still being implemented in terms of `Hash#to_query`. Fixes rails#43289. Closes rails#43293. Co-authored-by: Jacopo <beschi.jacopo@gmail.com>
Summary
Fixes #43289