Double encoding when sanitized URL with encoded symbols like %2F (/), %3B (;) etc. provided to sanitize() function #3270
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Q&A (please complete the following information)
Describe the bug you're encountering
The bug is follow up of the by reported for SwaggerUI swagger-api/swagger-ui#9304 where it causes the practical problem.
Calling the
sanitize()function in https://github.com/swagger-api/apidom/blob/main/packages/apidom-reference/src/util/url.ts#L248 cause double encoding when URL already contains encoded 'special' symbols:; / ? : @ & = + $ , #To reproduce...
Steps to reproduce the behavior:
sanitize()function with URL that contains encoded symbols %2F , %3B etc. Similar to test case https://github.com/swagger-api/apidom/blob/main/packages/apidom-reference/test/util/url.ts#L294 . For examplesanitize('https://example.com/path%20with%20spaces%2Fslashes%3Bsemicolons/?including=in%3Fparameters')'https://example.com/path%20with%20spaces%2Fslashes%3Bsemicolons/?including=in%3Fparameters.The real output is this:
https://example.com/path%20with%20spaces%252Fslashes%253Bsemicolons/?including=in%253Fparameters.The
%of the%2Fand%3Bare encoded. It should not happen.Expected behavior
The encoded URL passed to
sanitize()should remain the same for all possible combinations of encoded symbolsAdditional context or thoughts
The reason for the issue is that
decodeURI()andencodeURI()leave 'special' symbols; / ? : @ & = + $ , #encoding unchanged. It is mentioned in the documentation at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURI#description and https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI#description .The text was updated successfully, but these errors were encountered: