request #30023 Remove automagic URI encoding in @tuleap/fetch-result

Artifact

Infos

Artifact ID#30023

Submitted byThomas Gerbet (tgerbet)

Last Modified On2023-01-04 18:13

Submitted on2023-01-03 14:47

Rank31608

Details

Summary *

Remove automagic URI encoding in @tuleap/fetch-result

Original Submission

@tuleap/fetch-result tries to automatically encode URI using the following code snippet:

export const getURI = (uri: string, params: AutoEncodedParameters = {}): string =>
    encodeURI(uri) + getSearchParams(params);

Unfortunately, this is problematic. encodeURI() does not encode everything we might need and it prevents the caller to use encodeURIComponent().

For example with the following URI /some_page/<name> where <name> is something dynamic, if you have a name like foo#bar you will get /some_page/foo#bar but it is more like you want /some_page/foo%23bar. The example is bit extreme to demonstrate the issue but it is not that unlikely to encounter one of the non escaped characters in more complex queries (e.g. /api/a?query=<JSON encoded string>. Also, encodeURI() will break valid URLs using IPv6 directly because it does not handle the square brackets defined in RFC3986 correctly (again not something common but something it would be preferable not to have to troubleshoot in production...).

The automagic URI encoding cannot really happen because we need to distinguish what is "user" data to what it is not. This is not something we can do when work on an opaque string.

CategoryOther

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?