Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rethink URI sanitization #2

Open
rywall opened this issue Sep 13, 2018 · 2 comments
Open

Rethink URI sanitization #2

rywall opened this issue Sep 13, 2018 · 2 comments
Assignees
@rywall @njakobsen

Comments

@rywall
Copy link
Member

rywall commented Sep 13, 2018

The URI sanitization is starting to get a bit out of hand. I wonder if there is a different approach or if some of this is unnecessary with more modern browsers?

kmz_compressor/app/assets/javascripts/kmz_compressor/map_layer_manager.js

Line 271 in 4ef24aa

function sanitizeURI(uri) {

@njakobsen
Copy link
Member

We should probably not decode the entire URI search here

kmz_compressor/app/assets/javascripts/kmz_compressor/map_layer_manager.js

Line 277 in 4ef24aa

search = decodeURIComponent(search).trim().replace(/^\?/, '') // Remove any leading ?
. I believe the decodeURIComponent function is meant to be used on key and value strings, not the contacted search string itself.

@njakobsen
Copy link
Member

Maybe we want to rip the URI apart and turn it into an intermediate representation instead of leaving it as a URL that could potentially be affected by browser quirks, and then SHA it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rywall rywall

@njakobsen njakobsen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rywall @njakobsen