Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[fix] @koa/router does not handle decoding URL with '+' character properly #179

Closed
3 tasks done
stixsg opened this issue Apr 2, 2024 · 2 comments · Fixed by #180
Closed
3 tasks done

[fix] @koa/router does not handle decoding URL with '+' character properly #179

stixsg opened this issue Apr 2, 2024 · 2 comments · Fixed by #180
Assignees
@3imed-jaberi
Labels
bug Something isn't working

Comments

@stixsg
Copy link

stixsg commented Apr 2, 2024

Describe the bug

Node.js version: v20.12.0

OS version: Ubuntu 22.04

Description: @koa/router does not handle decoding URL with '+' character properly. With reference to https://en.wikipedia.org/wiki/Percent-encoding:

When data that has been entered into HTML forms is submitted, the form field names and values are encoded and sent to the server in an HTTP request message using method GET or POST, or, historically, via email.[3] The encoding used by default is based on an early version of the general URI percent-encoding rules,[4] with a number of modifications such as newline normalization and replacing spaces with + instead of %20. The media type of data encoded this way is application/x-www-form-urlencoded, and it is currently defined in the HTML and XForms specifications. In addition, the CGI specification contains rules for how web servers decode data of this type and make it available to applications.

'+' characters in URL should be decoded as spaces.

Possible fix

According to https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#decoding_query_parameters_from_a_url, decodeURIComponent() cannot be used directly to parse query parameters from a URL. It needs a bit of preparation. In function safeDecodeURIComponent(text) in layer.js, call to decodeURIComponent() should first replace all '+' with spaces:


function safeDecodeURIComponent(text) {
  try {
    return decodeURIComponent(text.replace(/\+/g, " "));
  } catch {
    return text;
  }
}

Checklist

  • I have searched through GitHub issues for similar issues.
  • I have completely read through the README and documentation.
  • I have tested my code with the latest version of Node.js and this package and confirmed it is still not working.
@stixsg stixsg added the bug Something isn't working label Apr 2, 2024
3imed-jaberi added a commit that referenced this issue Aug 15, 2024
@3imed-jaberi
fix: add fix for #179 issue
e8c4f55
@3imed-jaberi 3imed-jaberi self-assigned this Aug 15, 2024
@3imed-jaberi 3imed-jaberi mentioned this issue Aug 15, 2024
Merged
13 tasks
titanism pushed a commit that referenced this issue Aug 15, 2024
@3imed-jaberi
Refactor to use native Node.js modules, support Node.js v20+ and mode…
f7ffb93 
…rnize the code (#180)

* refactor: upgrade deps + refactor code to be with oop class style + support node.js 20+ ...etc

* fix: add fix for #179 issue
@titanism
Copy link
Contributor

v13.0.0 released to npm 🎉

https://github.com/koajs/router/releases/tag/v13.0.0

3imed-jaberi added a commit that referenced this issue Sep 17, 2024
@3imed-jaberi
Refactor to use native Node.js modules, support Node.js v20+ and mode…
ff02349 
…rnize the code (#180)

* refactor: upgrade deps + refactor code to be with oop class style + support node.js 20+ ...etc

* fix: add fix for #179 issue
@RussBrown00
Copy link

It would have been nice to know in the notes that this breaking change was introduced. I wouldn't exactly call this a bug fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@3imed-jaberi 3imed-jaberi

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactor to use native Node.js modules, support Node.js v20+ and modernize the code koajs/router
4 participants
@RussBrown00 @3imed-jaberi @titanism @stixsg