From 83f478030c3a31676a3d13786d19e11dcca91891 Mon Sep 17 00:00:00 2001
From: Kurtis Rainbolt-Greene
Date: Mon, 8 Jan 2024 14:01:03 -0800
Subject: [PATCH 1/2] Apply CGI.escape to non-array non-form values
---
 rswag-specs/lib/rswag/specs/request_factory.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rswag-specs/lib/rswag/specs/request_factory.rb b/rswag-specs/lib/rswag/specs/request_factory.rb
index d68297b7..9222908c 100644
--- a/rswag-specs/lib/rswag/specs/request_factory.rb
+++ b/rswag-specs/lib/rswag/specs/request_factory.rb
@@ -174,7 +174,7 @@ def build_query_string_part(param, value, swagger_doc)
 return "#{escaped_name}=" + value.to_a.flatten.map{|v| CGI.escape(v.to_s) }.join(separator)
 end
 else
- return "#{name}=#{value}"
+ return "#{name}=#{CGI.escape(value)}"
 end
 end
From 1677c9eec0991ed355efa084a8d2f0476b67954a Mon Sep 17 00:00:00 2001
From: Kurtis Rainbolt-Greene
Date: Mon, 8 Jan 2024 14:07:04 -0800
Subject: [PATCH 2/2] Writing a failing test
---
 .../spec/rswag/specs/request_factory_spec.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/rswag-specs/spec/rswag/specs/request_factory_spec.rb b/rswag-specs/spec/rswag/specs/request_factory_spec.rb
index 85e3c8d2..f14923b1 100644
--- a/rswag-specs/spec/rswag/specs/request_factory_spec.rb
+++ b/rswag-specs/spec/rswag/specs/request_factory_spec.rb
@@ -88,6 +88,21 @@ module Specs
 expect(request[:path]).to eq('/blogs?q1=foo&q2=bar')
 end
+ context 'when escaping is needed' do
+ before do
+ metadata[:operation][:parameters] = [
+ { name: 'q1', in: :query, type: :string },
+ { name: 'q2', in: :query, type: :string }
+ ]
+ allow(example).to receive(:q1).and_return('order #123')
+ allow(example).to receive(:q2).and_return('last % ditch')
+ end
+ it 'builds the query string from example values with encoding' do
+ expect(request[:path]).to eq('/blogs?q1=foo&q2=bar')
+ end
+ end
+
 context 'when `getter is defined`' do
 before do
 metadata[:operation][:parameters] << {
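Review bot: In request_factory.rb, `CGI.escape(value)` on the new `else` line raises for any example value that is not a String (an integer id, a boolean, nil), where the old interpolation accepted them. The array branch just above already converts first with `CGI.escape(v.to_s)`, so this line should match it: `return "#{name}=#{CGI.escape(value.to_s)}"`. The parameter name here is still interpolated raw while the array branch uses `escaped_name`. The start of build_query_string_part is outside the hunk, so whether that local is in scope in this branch needs confirming; if it is, using it keeps reserved characters in the name from changing how the query string is parsed.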
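Review bot: In request_factory_spec.rb, the new example still expects `'/blogs?q1=foo&q2=bar'`, the same string as the example above it, so it never asserts the escaped output and cannot pass against the stubs `'order #123'` and `'last % ditch'`. With `CGI.escape` applied to those values the expected path would be `'/blogs?q1=order+%23123&q2=last+%25+ditch'`. A second example that stubs a non-String value, such as an integer, would also pin down the string conversion that has to happen before escaping.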