Server crashes with a malformed URI

[ivanhofer]

Describe the bug

The server crashes when someone tries to load a malformed URI like the following:
/%c0%ae%c0%ae/etc/passwd

This issue probably only occurs for the node adapter. I tried it with a vercel project and it seems like vercel itself catches the malformed request before it reaches the SvelteKit application.

Reproduction

• create a new SvelteKit project
• run npm run build
• run npm start
• access following url in your browser: http://localhost:3000/%c0%ae%c0%ae/etc/passwd
  => the server has crashed

Logs

During local development you will get following error:

[vite] Internal server error: URI malformed
      at decodeURI (<anonymous>)

System Info

System:
    OS: Windows 10 10.0.22000
    CPU: (12) x64 Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz
    Memory: 15.01 GB / 31.73 GB
  Binaries:
    Node: 16.15.0 - ~\AppData\Local\Volta\tools\image\node\16.15.0\node.EXE
    Yarn: 1.22.17 - ~\AppData\Local\Volta\tools\image\yarn\1.22.17\bin\yarn.CMD
    npm: 8.5.5 - ~\AppData\Local\Volta\tools\image\node\16.15.0\npm.CMD
  Browsers:
    Edge: Spartan (44.22000.120.0), Chromium (102.0.1245.33), ChromiumDev (104.0.1278.2)
    Internet Explorer: 11.0.22000.120
  npmPackages:
    @sveltejs/adapter-node: 1.0.0-next.73 => 1.0.0-next.73 
    @sveltejs/kit: 1.0.0-next.315 => 1.0.0-next.315 
    svelte: ^3.47.0 => 3.47.0

Severity

serious, but I can work around it

Additional Information

Current workaround: fixing SvelteKit with patch-package

[benmccann]

Duplicate of #5090