•  
      request #30023 Remove automagic URI encoding in @tuleap/fetch-result
    Infos
    #30023
    Thomas Gerbet (tgerbet)
    2023-01-04 18:13
    2023-01-03 14:47
    31614
    Details
    Remove automagic URI encoding in @tuleap/fetch-result

    @tuleap/fetch-result tries to automatically encode URI using the following code snippet:

    export const getURI = (uri: string, params: AutoEncodedParameters = {}): string =>
        encodeURI(uri) + getSearchParams(params);
    

    Unfortunately, this is problematic. encodeURI() does not encode everything we might need and it prevents the caller to use encodeURIComponent().

    For example with the following URI /some_page/<name> where <name> is something dynamic, if you have a name like foo#bar you will get /some_page/foo#bar but it is more like you want /some_page/foo%23bar. The example is bit extreme to demonstrate the issue but it is not that unlikely to encounter one of the non escaped characters in more complex queries (e.g. /api/a?query=<JSON encoded string>. Also, encodeURI() will break valid URLs using IPv6 directly because it does not handle the square brackets defined in RFC3986 correctly (again not something common but something it would be preferable not to have to troubleshoot in production...).

    The automagic URI encoding cannot really happen because we need to distinguish what is "user" data to what it is not. This is not something we can do when work on an opaque string.

    Other
    Empty
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2023-01-04
    Attachments
    Empty
    References

    Follow-ups