[Seaside] WAUrl class>>#decodePercent:

jtuchel at objektfabrik.de jtuchel at objektfabrik.de
Thu Aug 22 13:13:30 UTC 2013


Okay, so the bug is almost obsolete ;-)

Just change the exception to something better than the result of next 
being undefined, like "Illegal URI", and all is good ;-)

In my case it was an ajax callback that got a parameter like '16=test%', 
because I had entered 'test%' into a text field that sends its contents 
in an ajax request. You may argue that characters like %, *, _ shouldn't 
be allowed for such cases anyways for all kinds of reasons (SQL 
injection, anyone?).

What I should do, obviously, is to use encodeURI() to convert the input 
field's contents before I use them as parameter of an ajax call, right? 
Or does this lead to double encoding?
I would expect $.ajax to encode its parameters correctly. Am I wrong?

Joachim


On 22.08.13 15:01, Johan Brichau wrote:
> I'm guessing the decoding should throw an error anyway since the string does not adhere to the encoded format.
>
> On 22 Aug 2013, at 14:17, Joachim Tuchel <jtuchel at objektfabrik.de> wrote:
>
>> Thanks for entering a bug.
>>
>> In the meantime, I added a filter for the text to submit in the ajax request (using replace()), so the bug doesn't hurt in my specific case any more.
>>
>> It is, btw, an interesting question what decoding of a URI that ends with one or multiple % should result in... I can't test right now, but I also think decoding 'abc%6' also fails because the method expects two digits... (I am far away from an image at the moment...)
>>
>> Joachim
>>
>> Stephan Eggermont <stephan at stack.nl> wrote:
>>
>>> Nice find
>>>
>>> http://code.google.com/p/seaside/issues/detail?id=762
>>>
>>> Stephan
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>


-- 
----------------------------------------------------------------------- 
Objektfabrik Joachim Tuchel          mailto:jtuchel at objektfabrik.de 
Fliederweg 1                         http://www.objektfabrik.de
D-71640 Ludwigsburg 		     http://joachimtuchel.wordpress.com
Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
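
Added example, not part of the original message and not Seaside's code: a strict percent-decoder in JavaScript that rejects a trailing `%` or a one-digit escape such as `abc%6` with an explicit "Illegal URI" error, next to a query builder that encodes each value exactly once. `IllegalUriError`, `strictPercentDecode`, `buildQuery` and `parseQuery` are hypothetical names chosen for this sketch.

```javascript
// Added example, not Seaside code. All names here are hypothetical.
class IllegalUriError extends Error {}

const encoder = new TextEncoder();
const decoder = new TextDecoder('utf-8', { fatal: true });

// Decode %XX escapes, rejecting a trailing '%' or a short/non-hex escape
// with a descriptive error instead of an obscure failure further down.
function strictPercentDecode(input) {
  const bytes = [];
  for (let i = 0; i < input.length; i++) {
    if (input[i] === '%') {
      const hex = input.slice(i + 1, i + 3);
      if (!/^[0-9A-Fa-f]{2}$/.test(hex)) {
        throw new IllegalUriError(`Illegal URI: bad escape at index ${i} in ${JSON.stringify(input)}`);
      }
      bytes.push(parseInt(hex, 16));
      i += 2;
    } else {
      // Literal character: keep it, as UTF-8 bytes (handles surrogate pairs).
      const ch = String.fromCodePoint(input.codePointAt(i));
      bytes.push(...encoder.encode(ch));
      i += ch.length - 1;
    }
  }
  try {
    return decoder.decode(Uint8Array.from(bytes));
  } catch (e) {
    throw new IllegalUriError(`Illegal URI: escapes are not valid UTF-8 in ${JSON.stringify(input)}`);
  }
}

// Sender side: encode each key and value exactly once.
function buildQuery(params) {
  return Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
}

// Receiver side: split first, then decode each part exactly once.
function parseQuery(query) {
  const out = {};
  for (const pair of query.split('&')) {
    const eq = pair.indexOf('=');
    const key = eq < 0 ? pair : pair.slice(0, eq);
    const value = eq < 0 ? '' : pair.slice(eq + 1);
    out[strictPercentDecode(key)] = strictPercentDecode(value);
  }
  return out;
}
```

Passing an already-encoded value to `buildQuery` produces `test%2525`, which a single decode turns into `test%25` rather than `test%`.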