Remove location pathname decoding #656
Conversation
|
It looks like a lot of the failing tests are for the behavior you're removing, so they should either be removed as well or updated to assert that the pathname remains encoded (a simple find-and-replace of "/歴史" to "/%E6%AD%B4%E5%8F%B2" might do it) |
|
@kevinkyyro Done! I had to delete some tests which weren't valid anymore. |
OliverJAsh
force-pushed
the
oja/fix/remove-location-pathname-decoding
branch
from
e1c8d9e
to
ea4fac3
Compare
| TestSequences.PushInvalidPathname(history, done); | ||
| }); | ||
| }); | ||
|
|
There was a problem hiding this comment.
This test was no longer valid, since we don't throw an error now we have no decoding. (We assume the pathname provided will be correctly encoded.)
OliverJAsh
force-pushed
the
oja/fix/remove-location-pathname-decoding
branch
from
ea4fac3
to
4a8985b
Compare
|
@mjackson @kevinkyyro Any updates on this? |
|
Is there something one could potentially help out with to get this merged? Quite keen to get these changes merged since it's a rather big issue for us. |
There was a problem hiding this comment.
I noticed in CONTRIBUTING.md:
Also, please make sure the CHANGES.md document contains a short note about the nature of your change. Just follow the format of the existing entries in that document. If the most recent entry is a release, please start a new section under a ## HEAD heading.
This definitely seems worthy of a mention there
| @@ -32,21 +32,6 @@ export function createLocation(path, state, key, currentLocation) { | |||
| location.state = state; | |||
| } | |||
|
|
|||
| try { | |||
| location.pathname = decodeURI(location.pathname); | |||
There was a problem hiding this comment.
I wonder if the owners of this library would prefer a warning:
// in try-catch, no sense throwing any longer
if (location.pathname !== decodeURI(location.pathname)) {
// warn: pathnames are no longer automatically decoded
}
|
Thanks for the review @kevinkyyro. I'm happy to make those changes once I've heard back from a maintainer of this repository, as then I will be able to batch it with any other requested changes. /cc @mjackson @pshrmn |
|
@OliverJAsh when is this expected to merge to mainstream branch and released officially or let us know a workaround for this, something like overriding createLocation function inside our project. |
|
@saravanansarz I am not a maintainer of this repo. We are awaiting feedback from a maintainer. |
|
@mjackson @pshrmn Any updates of merging @OliverJAsh changes ? |
There was a problem hiding this comment.
I think (but am not certain) that this would have to be a major version bump of history in order to not break packages (e.g. React Router) that expect decoded pathnames.
Even if this PR was merged today, I couldn't give an estimate on when it would be published. Short term, publishing a fork is probably your best bet.
If you do publish a fork, I would leave a comment on the original issue about using Webpack's resolve.alias to use the fork with RR's build-in router components.
|
@pshrmn I expected this would require a major version bump, but it's got to happen at some point, and there's a lot of demand for it. What are the next steps to getting this PR merged? In the meantime, I commented here about how we're maintaining a local fork (via patch-package), and how others can do the same. Alternatively, someone could publish a fork online. |
|
To be frank, I don't know, which is why I suggest publishing a fork. That would also give some indication as to how much demand there is for this. |
Please note that the level of demand can already be seen in #505, which at present is the issue with most 👍 reactions and comments of all issues, open or closed. |
|
I fail to see why this should be a fork. If it was really only done as a convenience to RR (as indicated by #505), then really it should be done on RR's side and not in this library -- which would make it a lot simpler to turn off by introducing a config flag. Seems to me the sensible way to proceed is do a major bump with this PR, and then RR will have to adjust accordingly. |
|
I've come around a bit on this and while encoded strings will be more annoying to work with, they're the only way that we can correctly support all valid pathnames. Edit: I made the change myself, but I would appreciate if you take a look at the change and verify that this is fine with you.
location.pathname = encodeURL(location.pathname);
return location;That would ensure that every The I don't have the power to merge this myself (well, technically I can but the decision isn't really mine to make), but those changes would be enough for me to support putting them out as a v5 release. I have some thoughts on a future implementation that could support decoding, but they would also be breaking changes that would need to wait for a new React Router version, so that can wait. |
|
Thanks for the update @pshrmn. Initially I thought this change should disable decoding, instead just using the pathname the user provides. (We've been using this change locally for many months at Unsplash and had no problems.) However I see you're suggesting that we go further than this and proactively encode the URL (via I think it's hard to think through the implications of this. Is there any reason why we can't we just leave the One other thought I've just had: once this is done, we'll have to remember to decode params in React Router (#505 (comment)). |
|
@OliverJAsh Consistency. I believe that the I am open to removing the change if there is a good reason to support mixed As far as React Router goes, I think that the "safest" approach would be to release this under That would give us time to figure out the best approach for React Router v6, which would have encoded |
|
Let's put it to the users: #505 (comment). |
|
I've been following this discussion for a while; our project too has problems with history and decoding. A clean and clear API is very important. In my experience, correctness of URL encoding is not something that the average developer pays a lot of attention to. The number of bugs on the internet related to this mess is immense, it's not just react. "Auto-encoding" of a URL cannot be done unambiguously. Therefore, I think the new major version of the lib should only accept valid URLs as Just my 2 cents, as someone who has spent too many hours fixing sloppy URL code (disclaimer: my native alphabet is non-ASCII 😄 ) |
|
@pshrmn : It seems to me that the best path forward is to apply @kevinkyyro 's suggestion to generate a warning. However, I believe the correct implementation for that warning would be to use the following comparison : |
Just want to echo this - as someone handling URLs with unicode characters, I would much prefer the It's also important to avoid divergent URL behavior based on the entrypoint to a specific location, for instance visiting a URL directly, vs clicking on an Today, it's not possible to have a consistent experience due to the auto-encoding behavior, so we have to work around this by directly accessing |
|
Throwing on invalid pathnames is an interesting idea. <Link to={`/user/${encodeURIComponent("Beyoncé")}`}>Beyoncé</Link>It is certainly more verbose for users, but if it is safer and has the same end result, I can support that. I realized that we'll actually have to modify |
|
The last time I merged a PR that had to do with changing the way we do encoding, we ended up in this mess. @OliverJAsh Can you please summarize for me what your plan is here? There are so many changed files and so many comments... |
|
Just leaving a note that I reverted my changes for the time being because I don't want to hold this PR up while deciding what to do with non-fully-encoded pathnames. |
The best summary is still the one I linked to in this PR's description: #505 (comment). Essentially, with this change, we stop decoding There was some discussion about whether to proactively encode, but it seems this was dropped due to issues. There is still some ongoing discussion in this PR about whether to warn or throw when users provide It's still not clear how to manage this upgrade with regards to React Router, but @pshrmn has some thoughts. @mjackson We will likely need your help on this. When we do upgrade React Router to use this change, we will have to consider what to do with My two cents: it should decode them, because that's what other frameworks like Express do. Furthermore, it should decode them using |
|
Thanks, @OliverJAsh. And thank you for sticking with this for so long. Let's get this merged. Going forward, I think this library should have no opinion about encodings (it didn't, originally). When you read Since this is a breaking change we will need to bump the major version. I'll add this to the roadmap. |
|
Thank you for merging this! Please ping me in any upstream React Router changes which relate to this? :-) |
|
Great job @OliverJAsh on leading this PR! Thanks to @pshrmn and @mjackson for merging it! I'm looking forward for the upcoming release! |
Re. #505 (comment)
Fixes #505
To do: