fix: preserve unrecognized %XX sequences in safeDecodeURIComponent#426
fix: preserve unrecognized %XX sequences in safeDecodeURIComponent#426deepview-autofix wants to merge 1 commit into
Conversation
`decodeComponentChar` returns `null` for percent-encoded sequences that are not reserved characters. Previously, `safeDecodeURIComponent` concatenated this `null` directly, producing the literal string `"null"` in the decoded output (e.g. a double-encoded `%2520` became `"null"` after `safeDecodeURI`/`safeDecodeURIComponent`). Fall back to the original `%XX` substring when decoding is not applicable. Co-Authored-By: Claude <noreply@anthropic.com> Co-Authored-By: DeepView Autofix <276251120+deepview-autofix@users.noreply.github.com> Co-Authored-By: Nikita Skovoroda <chalkerx@gmail.com> Signed-off-by: Nikita Skovoroda <chalkerx@gmail.com>
There was a problem hiding this comment.
Of this one, I'm unsure
One one hand, safeDecodeURI is documented to preserve chars:
find-my-way/lib/url-sanitizer.js
Line 38 in eb8ec6f
On the other hand, there is a test that expects "null" string in output:
find-my-way/test/issue-330.test.js
Line 164 in eb8ec6f
That test was introduced in #330 though and could have been not by design but by documenting existing behavior / increasing coverage.
But anyway, the behavior should be either documented if it is by design or fixed if it's a bug
While this PR assumes the latter, it could be the former - not sure
|
The test was only added to increase coverage, I think should be fixed |
|
Will recheck the logic behind decoding one more time as a safety measure |
3 participants
decodeComponentCharreturnsnullfor percent-encoded sequences that are not reserved characters. Previously,safeDecodeURIComponentconcatenated thisnulldirectly, producing the literal string"null"in the decoded output (e.g. a double-encoded%2520became"null"aftersafeDecodeURI/safeDecodeURIComponent). Fall back to the original%XXsubstring when decoding is not applicable.