You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@whimsical.apache.org by "Sebb (Jira)" <ji...@apache.org> on 2020/09/29 19:33:00 UTC
[jira] [Updated] (WHIMSY-344) Issues with URI.[un]escape
[ https://issues.apache.org/jira/browse/WHIMSY-344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sebb updated WHIMSY-344:
------------------------
Summary: Issues with URI.[un]escape (was: Issues with URI.escape)
> Issues with URI.[un]escape
> --------------------------
>
> Key: WHIMSY-344
> URL: https://issues.apache.org/jira/browse/WHIMSY-344
> Project: Whimsy
> Issue Type: Bug
> Reporter: Sebb
> Priority: Major
>
> URI.[un]escape have been deprecated, and need to be replaced in Whimsy code.
> The suggested replacements are CGI.[un]escape and URI.[un]encode_www_form_component
> AFAICT these only work correctly for form parameters.
> Space is escaped to '+', and '+' is unescaped to space.
> This is incorrect for the path component, which uses %-encoding only.
> Note that the path component allows '+' without encoding.
> This clashes with the use of '+' to represent space when encoding form parameters.
> It looks like ERB::Util.url_encode may be OK for encoding path segments.
> It encodes more characters than necessary, but at least it only uses %-encoding.
> CGI.unescape will correctly decode a path encoded with ERB::Util.url_encode.
> However if a path component was encoded without %-encoding '+', CGI.unescape will incorrectly decode the '+' to space.
> URI.unescape uses URI::RFC2396_Parser under the hood, and that has not been deprecated.
> So a possible replacement is URI::RFC2396_Parser.new.unescape(path)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)