[Seaside] WAUrl class>>#decodePercent:
Johan Brichau
johan at inceptive.be
Thu Aug 22 18:18:56 UTC 2013
Joachim,
Are you using the jQuery ajax wrappers for Seaside?
Because they are doing this automatically for you (e.g. callback:value: )
Johan
On 22 Aug 2013, at 15:24, jtuchel at objektfabrik.de wrote:
> Sorry for answering to my own question.
>
> I added an encodeURI() before sending the ajax request and all is well now. The uris to be parsed can now contain as many percent signs as they want, the decodePercent: method doesn't fail any more.
> So this was my fault for sure.
>
> Still I don't think that decodePercent: should fail because it tries to read past the end of the incoming string/stream. It should throw an exception that states a uri seems to be ill-formed...
>
> Joachim
>
> Am 22.08.13 15:13, schrieb jtuchel at objektfabrik.de:
>> Okay, so the bug is almost obsolete ;-)
>>
>> Just change the exception to something better than the result of next being undefined, like "Illegal URI", and all is good ;-)
>>
>> In my case it was an ajax callback that got a parameter like '16=test%', because I had entered 'test%' into a text field that sends its contents in an ajax request. You may argue that characters like %, *, _ shouldn't be allowed for such cases anyways for all kinds of reasons (SQL injection, anyone?).
>>
>> What I should do, obviously, is to use encodeURI() to convert the input field's contents before I use them as parameter of an ajax call, right? Or does this lead to double encoding?
>> I would expect $.ajax to encode its parameters correctly. Am I wrong?
>>
>> Joachim
>>
>>
>> Am 22.08.13 15:01, schrieb Johan Brichau:
>>> I'm guessing the decoding should throw an error anyway since the string that does not adhere to the encoded format.
>>>
>>> On 22 Aug 2013, at 14:17, Joachim Tuchel <jtuchel at objektfabrik.de> wrote:
>>>
>>>> Thanks for entering a bug.
>>>>
>>>> In the meantime, I added a filter for the text to submit in the ajax request (using replace()), so the bug doesn`t hurt in my specific case any more.
>>>>
>>>> It is, btw, an interesting question what decoding of a uri that ends with one or multiple % should result in... I can't test right now, but i also thing decoding `abc%6' also fails because the methods expects two digits... (I am far away from an image at the moment...)
>>>>
>>>> Joachim
>>>>
>>>> Stephan Eggermont <stephan at stack.nl> schrieb:
>>>>
>>>>> Nice find
>>>>>
>>>>> http://code.google.com/p/seaside/issues/detail?id=762
>>>>>
>>>>> Stephan
>>>>> _______________________________________________
>>>>> seaside mailing list
>>>>> seaside at lists.squeakfoundation.org
>>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>>>
>>>> _______________________________________________
>>>> seaside mailing list
>>>> seaside at lists.squeakfoundation.org
>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>> _______________________________________________
>>> seaside mailing list
>>> seaside at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>>
>>
>>
>
>
> --
> --
> ----------------------------------------------------------------------- Objektfabrik Joachim Tuchel mailto:jtuchel at objektfabrik.de Fliederweg 1 http://www.objektfabrik.de
> D-71640 Ludwigsburg http://joachimtuchel.wordpress.com
> Telefon: +49 7141 56 10 86 0 Fax: +49 7141 56 10 86 1
>
> _______________________________________________
> seaside mailing list
> seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
More information about the seaside
mailing list