-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix a bug with url encoded parameters in url.parse #1480
Conversation
Any updates? Right now Prebid.js is impossible to use for us and I'm pretty sure other adapters suffer from this bug as well but just don't notice it because they might not always have url encoded values in the urls they use with Ajax.ajax. |
@erikdubbelboer why can't you just pass the query params into the |
@mkalafior the base url is build by external javascript code that isn't included in Prebid.js. The only way we could fix this at the moment is to encodeURIComponent all urls we pass to Ajax.ajax which would be a super ugly fix that will break things in the future for sure. Don't you think url.parse is really broken by always doing decodeURIComponent on the whole url? |
@erikdubbelboer yes I agree it's broken performing decodeURIComponent on the whole URL. The contract on all the |
@mkendall07 I can modify the pull request to add an |
Sure that sounds ok in the short term. We discussed this a bit earlier and might end up pulling in a lightweight ajax library to be more standardized. That might not be right away tho. |
I'll modify the pull request next week. All other Ajax libraries will obviously not run decodeURIComponent on the whole URL meaning all adapters that depend on this behavior will break. |
cec9abe
to
5342c43
Compare
5342c43
to
13a98a8
Compare
@mkendall07 I changed the pull request. I'm not sure if |
@@ -76,7 +76,7 @@ export function ajax(url, callback, data, options = {}) { | |||
} | |||
|
|||
if (method === 'GET' && data) { | |||
let urlInfo = parseURL(url); | |||
let urlInfo = parseURL(url, options); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if passing the whole options
object here is the best or if it should extract the options that apply to url.parse
. This would result in a lot more code.
@@ -28,8 +28,9 @@ describe('helpers.url', () => { | |||
it('extracts the search query', () => { | |||
expect(parsed).to.have.property('search'); | |||
expect(parsed.search).to.eql({ | |||
foo: 'bar', | |||
search: 'test' | |||
foo: 'xxx', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left this here to show that the current url.parse
is quite broken with foo
being set to xxx
instead of the expected bar
.
@mkendall07 any update? We really need this as currently our adapter is broken because if this bug. |
@snapwich @ndhimehta @mkendall07 anyone? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Type of change
Description of change
When you pass an url with url encoded parameters to
Ajax.ajax
but also pass extra parameters in the data argument, such as the atomx adapter does, it will break the url.Ajax.ajax
will parse the url and format it again:Prebid.js/src/ajax.js
Lines 78 to 82 in 6956a56
But
url.parse
decodes the whole url withouturl.format
encoding it again:Prebid.js/src/url.js
Line 29 in 6956a56
So
Ajax.ajax('http://example.com?foo=foo%26foo%3Dxxx', null, {ignore: 123})
will load the urlhttp://example.com?foo=foo&foo=xxx&ignore=123
instead ofhttp://example.com?foo=foo%26foo%3Dxxx&ignore=123
which is just plain wrong.This can be fixed by not just decoding the whole url but instead decoding and encoding the separate query parameters.
This pull request right now only removes the
decodeURIComponent
inurl.parse
as that doesn't seem to break any tests. AddingdecodeURIComponent
andencodeURIComponent
tourl.parseQS
andurl.formatQS
seems to break some tests for adapters that already depend on this broken behavior.