You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@whimsical.apache.org by "Sebb (Jira)" <ji...@apache.org> on 2020/09/29 19:33:00 UTC

[jira] [Updated] (WHIMSY-344) Issues with URI.[un]escape

     [ https://issues.apache.org/jira/browse/WHIMSY-344?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sebb updated WHIMSY-344:
------------------------
    Summary: Issues with URI.[un]escape  (was: Issues with URI.escape)

> Issues with URI.[un]escape
> --------------------------
>
>                 Key: WHIMSY-344
>                 URL: https://issues.apache.org/jira/browse/WHIMSY-344
>             Project: Whimsy
>          Issue Type: Bug
>            Reporter: Sebb
>            Priority: Major
>
> URI.[un]escape have been deprecated, and need to be replaced in Whimsy code.
> The suggested replacements are CGI.[un]escape and URI.[un]encode_www_form_component
> AFAICT these  only work correctly for form parameters.
> Space is escaped to '+', and '+' is unescaped to space.
> This is incorrect for the path component, which uses %-encoding only.
> Note that the path component allows '+' without encoding.
> This clashes with the use of '+' to represent space when encoding form parameters.
> It looks like ERB::Util.url_encode may be OK for encoding path segments.
> It encodes more characters than necessary, but at least it only uses %-encoding.
> CGI.unescape will correctly decode a path encoded with ERB::Util.url_encode.
> However if a path component was encoded without %-encoding '+', CGI.unescape will incorrectly decode the '+' to space.
> URI.unescape uses URI::RFC2396_Parser under the hood, and that has not been deprecated.
> So a possible replacement is URI::RFC2396_Parser.new.unescape(path)



--
This message was sent by Atlassian Jira
(v8.3.4#803005)