Skip to content

Commit

Permalink
SITES-14313: rfc allowed characters in fragment (#2542)
Browse files Browse the repository at this point in the history 
Co-authored-by: bcenusa <bcenusa@adobe.com>
  • Loading branch information
@cbogdan0707
cbogdan0707 and bcenusa authored Jul 10, 2023
1 parent 8e178c7 commit 312e3d6
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 3 deletions.
22 changes: 20 additions & 2 deletions bundles/core/src/main/java/com/adobe/cq/wcm/core/components/internal/link/LinkUtil.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -99,10 +99,12 @@ public static String escape(final String path, final String queryString, final S
escaped = sb.insert(path.indexOf(fragment), "#" + fragment).toString();
}
} else {
escaped = sb.append("#").append(URLEncoder.encode(fragment, StandardCharsets.UTF_8.name())
.replace("+", "%20")).toString();
escaped = sb.append("#")
.append(replaceEncodedCharacters(URLEncoder.encode(fragment, StandardCharsets.UTF_8.name())))
.toString();
}
}

} catch (Exception e) {
LOG.error(e.getMessage(), e);
StringBuilder sb = new StringBuilder(path);
Expand Down Expand Up @@ -191,4 +193,20 @@ private static String newPlaceholder(final String str) {

return placeholderBuilder.toString();
}

private static String replaceEncodedCharacters(final String str) {
return str.replace("%2B", "+")
.replace("%3D", "=")
.replace("%7E", "~")
.replace("%24", "$")
.replace("%26", "&")
.replace("%3B", ";")
.replace("%3A", ":")
.replace("%40", "@")
.replace("%21", "!")
.replace("%27", "'")
.replace("%28", "(")
.replace("%29", ")")
.replace("%2C", ",");
}
}
4 changes: 3 additions & 1 deletion ...rc/test/java/com/adobe/cq/wcm/core/components/internal/link/DefaultPathProcessorTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,12 +88,14 @@ void testSanitizeExternalLink() {
underTest.sanitize("https://test.com?categ=cat1|cat2", request));
assertEquals("https://test.com?categ=cat1%7Ccat2#top",
underTest.sanitize("https://test.com?categ=cat1|cat2#top", request));
assertEquals("https://test.com?categ=cat1%7Ccat2#top%20level",
assertEquals("https://test.com?categ=cat1%7Ccat2#top+level",
underTest.sanitize("https://test.com?categ=cat1|cat2#top level", request));
assertEquals("https://test.com?recipient=<%= recipient.id %>",
underTest.sanitize("https://test.com?recipient=<%= recipient.id %>", request));
assertEquals("https://test.com/#/downloads/file.html?name=/content/file.zip",
underTest.sanitize("https://test.com/#/downloads/file.html?name=/content/file.zip", request));
assertEquals("https://test.com#page=1-._~!$&'()*+,;=:@",
underTest.sanitize("https://test.com#page=1-._~!$&'()*+,;=:@", request));
}

@Test
Expand Down

0 comments on commit 312e3d6

Please sign in to comment.