Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sanitize() double encode special characters #3271

Merged
merged 4 commits into from
Oct 17, 2023
Merged

fix: sanitize() double encode special characters #3271

merged 4 commits into from
Oct 17, 2023

Conversation

stepashka69
Copy link
Contributor

Description

Use URL().toString() to construct sanitised URI (including support of IP v6 URIs).
Fall back to the existent functionality in cases when URL() can not parse the URI.

Motivation and Context

The problem is described in #3270 .
Existent sanitize implementation doesn't return correct result when the URI contains encoded 'special' characters such as ; / ? : @ & = + $ , #.
Closes #3270

How Has This Been Tested?

Tested with existent unit tests.
Extended test for the case with special characters and added test case for IP v6.

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@char0n char0n self-requested a review October 17, 2023 05:27
@char0n char0n self-assigned this Oct 17, 2023
@char0n char0n added bug Something isn't working ApiDOM labels Oct 17, 2023
@char0n
Copy link
Member

char0n commented Oct 17, 2023

Hi @stepashka69,

Thanks for the PR! I'll process it ASAP and release the bugfix.

@char0n
Copy link
Member

char0n commented Oct 17, 2023
edited
Loading

@stepashka69 looks good. There is additional unsanitize function, which needs to be aligned with the sanitized function now.

UPDATE:

decodeURI is currently not replaceable by URL (in it's current implementation). So we leave unsanitize untouched.

The URL interface is used to parse, construct, normalize, and encode URLs.

URLs are encoded according to the rules found in RFC 3986

char0n
char0n approved these changes Oct 17, 2023
View reviewed changes
Copy link
Member

@char0n char0n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nicely done!

@char0n char0n merged commit 60eb1f4 into swagger-api:main Oct 17, 2023
7 of 8 checks passed
@char0n char0n mentioned this pull request Oct 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@char0n char0n char0n approved these changes

Assignees

@char0n char0n

Labels
ApiDOM bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@stepashka69 @char0n