Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] prevent usage of unsafe encoded characters in path segments #7573

Closed
wants to merge 1 commit into from
Closed

[fix] prevent usage of unsafe encoded characters in path segments #7573

wants to merge 1 commit into from

Conversation

dmkret
Copy link

@dmkret dmkret commented Nov 9, 2022
edited
Loading

Closes #7567
Closes #7554
Closes #7570

This PR prevents using path segments (folder names) to contain uri-decodable characters like []% and so on.

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. All changesets should be patch until SvelteKit 1.0

@changeset-bot
Copy link

changeset-bot bot commented Nov 9, 2022

🦋 Changeset detected

Latest commit: b0a1ff8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

benmccann
benmccann reviewed Nov 10, 2022
View reviewed changes
packages/kit/src/utils/routing.js
* Throws error if segment contains invalid characters
* @param {string} segment
*/
function assert_segment(segment) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not exactly sure about this. It's unclear to me what exactly it's disallowing and at the very least would need some comment explaining what is considered to be an invalid character. It's also difficult for users to understand which characters are invalid from the error message. I think we could write this whole thing in a clearer way

@benmccann benmccann mentioned this pull request Nov 11, 2022
Closed
@Rich-Harris Rich-Harris mentioned this pull request Nov 14, 2022
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benmccann benmccann benmccann left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@dmkret @benmccann