[Seaside] WAUrl class>>#decodePercent:

jtuchel at objektfabrik.de jtuchel at objektfabrik.de
Thu Aug 22 13:24:55 UTC 2013


Sorry for answering my own question.

I added an encodeURI() before sending the ajax request and all is well 
now. The uris to be parsed can now contain as many percent signs as they 
want, the decodePercent: method doesn't fail any more.
So this was my fault for sure.

Still I don't think that decodePercent: should fail because it tries to 
read past the end of the incoming string/stream. It should throw an 
exception that states a uri seems to be ill-formed...

Joachim

On 22.08.13 15:13, jtuchel at objektfabrik.de wrote:
> Okay, so the bug is almost obsolete ;-)
>
> Just change the exception to something better than the result of next 
> being undefined, like "Illegal URI", and all is good ;-)
>
> In my case it was an ajax callback that got a parameter like 
> '16=test%', because I had entered 'test%' into a text field that sends 
> its contents in an ajax request. You may argue that characters like %, 
> *, _ shouldn't be allowed for such cases anyways for all kinds of 
> reasons (SQL injection, anyone?).
>
> What I should do, obviously, is to use encodeURI() to convert the 
> input field's contents before I use them as parameter of an ajax call, 
> right? Or does this lead to double encoding?
> I would expect $.ajax to encode its parameters correctly. Am I wrong?
>
> Joachim
>
>
> On 22.08.13 15:01, Johan Brichau wrote:
>> I'm guessing the decoding should throw an error anyway since the 
>> string does not adhere to the encoded format.
>>
>> On 22 Aug 2013, at 14:17, Joachim Tuchel <jtuchel at objektfabrik.de> 
>> wrote:
>>
>>> Thanks for entering a bug.
>>>
>>> In the meantime, I added a filter for the text to submit in the ajax 
>>> request (using replace()), so the bug doesn't hurt in my specific 
>>> case any more.
>>>
>>> It is, btw, an interesting question what decoding of a uri that ends 
>>> with one or multiple % should result in... I can't test right now, 
>>> but I also think decoding 'abc%6' also fails because the method 
>>> expects two digits... (I am far away from an image at the moment...)
>>>
>>> Joachim
>>>
>>> Stephan Eggermont <stephan at stack.nl> wrote:
>>>
>>>> Nice find
>>>>
>>>> http://code.google.com/p/seaside/issues/detail?id=762
>>>>
>>>> Stephan
>>>> _______________________________________________
>>>> seaside mailing list
>>>> seaside at lists.squeakfoundation.org
>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>>
>>
>
>


-- 
----------------------------------------------------------------------- 
Objektfabrik Joachim Tuchel          mailto:jtuchel at objektfabrik.de 
Fliederweg 1                         http://www.objektfabrik.de
D-71640 Ludwigsburg 		     http://joachimtuchel.wordpress.com
Telefon: +49 7141 56 10 86 0         Fax: +49 7141 56 10 86 1
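
The behaviour asked for in this thread, sketched in JavaScript (the client-side language used here) as an added example that is not part of the original messages and is not Seaside's code: a percent-decoder that reports a truncated or non-hex escape as an ill-formed URI instead of reading past the end of the input, plus a client-side helper that encodes each field once. The names strictPercentDecode, MalformedUriError and encodeField are hypothetical.

```javascript
// Added example. strictPercentDecode, MalformedUriError and encodeField are
// hypothetical names, not Seaside API.
class MalformedUriError extends Error {
  constructor(offset, reason) {
    super(`Ill-formed URI at offset ${offset}: ${reason}`);
    this.name = 'MalformedUriError';
    this.offset = offset;
  }
}

const HEX2 = /^[0-9A-Fa-f]{2}$/;

// Decode percent-escapes, validating each escape before consuming it.
function strictPercentDecode(input) {
  const utf8 = new TextDecoder('utf-8', { fatal: true });
  let out = '';
  let i = 0;
  while (i < input.length) {
    if (input[i] !== '%') { out += input[i++]; continue; }
    const start = i;
    const bytes = [];
    // Gather consecutive escapes so multi-byte UTF-8 sequences decode together.
    while (i < input.length && input[i] === '%') {
      const hex = input.slice(i + 1, i + 3); // slice() cannot read past the end
      if (!HEX2.test(hex)) {
        const why = hex.length < 2 ? 'truncated escape' : 'non-hex digits';
        throw new MalformedUriError(i, why);
      }
      bytes.push(parseInt(hex, 16));
      i += 3;
    }
    try {
      out += utf8.decode(new Uint8Array(bytes));
    } catch (e) {
      throw new MalformedUriError(start, 'escapes are not valid UTF-8');
    }
  }
  return out;
}

// Client side: encode each name and value exactly once before building the query.
// encodeURIComponent also escapes '&' and '=', which encodeURI leaves alone.
function encodeField(name, value) {
  return `${encodeURIComponent(name)}=${encodeURIComponent(value)}`;
}

// Constructed inputs based on the values mentioned in the thread.
for (const s of ['16=test%25', '16=test%', 'abc%6', encodeField('16', 'test%')]) {
  try { console.log(JSON.stringify(s), '->', JSON.stringify(strictPercentDecode(s))); }
  catch (e) { console.log(JSON.stringify(s), '->', e.name + ':', e.message); }
}
```

Encoding a value twice is not rejected by the decoder: 'test%' becomes 'test%2525' and decodes to the literal text 'test%25', so the encode step has to happen in exactly one place.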


