Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Uri#parse can break path-component #45515

Closed
antoinerousseau opened this issue Mar 11, 2018 · 10 comments
Closed

Uri#parse can break path-component #45515

antoinerousseau opened this issue Mar 11, 2018 · 10 comments
Assignees
Labels
bug Issue identified by VS Code Team member as probable bug uri verified Verification succeeded
Milestone

Comments

@antoinerousseau
Copy link

  • VSCode Version: 1.21.0
  • OS Version: macOS 10.13.3

Steps to Reproduce:

  1. Insert this link in a JS file: https://firebasestorage.googleapis.com/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg?alt=media&token=0b2310c4-3ea6-4207-bbde-9c3710ba0437
  2. Cmd-click it to open it: the %2F are not preserved and are replaced with /, causing the request to fail

Does this issue occur when all extensions are disabled?: Yes

@kieferrm kieferrm added the bug Issue identified by VS Code Team member as probable bug label Mar 11, 2018
@vscodebot vscodebot bot removed the new release label Mar 13, 2018
@humphd
Copy link

humphd commented Oct 19, 2018

I dug into this a bit today, and it's caused by the decodeURIComponent() calls on the path in uri.ts:

https://github.com/Microsoft/vscode/blob/7d80b00cb0d051425ade0e19e925dfcc2fe4c45c/src/vs/base/common/uri.ts#L264-L276

I'm not sure what the right fix is, but special-casing http(s) schemes (vs. file), and not calling it for match[5] fixes it. Though this change does break a bunch of pure file:// based tests with special characters in the path that are percent-encoded.

Maybe the right thing is to not decode at all until you need to reproduce the URI as a string. I note that in the browser, this is what happens:

new URL("https://firebasestorage.googleapis.com/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg?alt=media&token=0b2310c4-3ea6-4207-bbde-9c3710ba0437").pathname
"/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg"

Same in node:

require('url').parse('https://firebasestorage.googleapis.com/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg?alt=media&token=0b2310c4-3ea6-4207-bbde-9c3710ba0437').pathname
'/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg'

@humphd
Copy link

humphd commented Oct 19, 2018

cc'ing @jrieken, who git shows to have been active on this code, and might have thoughts.

@jrieken jrieken added the uri label Oct 22, 2018
@jrieken
Copy link
Member

jrieken commented Oct 22, 2018

/duplicate of #25852

@jrieken jrieken closed this as completed Oct 22, 2018
@vscodebot vscodebot bot locked and limited conversation to collaborators Dec 6, 2018
@jrieken jrieken assigned jrieken and unassigned rebornix Apr 17, 2019
@microsoft microsoft unlocked this conversation Apr 17, 2019
@jrieken
Copy link
Member

jrieken commented Apr 17, 2019

Sorry, this actually is not a duplicate of #25852

@jrieken jrieken changed the title Cmd-click an URL should open it as-is, and not decode URL entities like %2F Uri#parse can break path-component Apr 17, 2019
@vscodebot vscodebot bot locked and limited conversation to collaborators Apr 20, 2019
@jrieken jrieken reopened this Apr 24, 2019
@microsoft microsoft unlocked this conversation Apr 24, 2019
@jrieken jrieken added this to the May 2019 milestone Apr 24, 2019
@jrieken jrieken removed this from the May 2019 milestone May 24, 2019
@jrieken
Copy link
Member

jrieken commented Jun 3, 2019

fixed via #73849

@jrieken jrieken closed this as completed Jun 3, 2019
@jrieken jrieken added this to the June 2019 milestone Jun 24, 2019
@mjbvz mjbvz added the verified Verification succeeded label Jun 26, 2019
@jrieken jrieken removed the verified Verification succeeded label Jul 5, 2019
@jrieken jrieken reopened this Jul 5, 2019
@jrieken jrieken removed this from the June 2019 milestone Jul 5, 2019
@jrieken
Copy link
Member

jrieken commented Jul 8, 2019

This unfortunately had to be reverted and reopened. The fix introduced a bunch of bad regressions that we couldn't easily fix. We revert to the old behaviour and we need to get back to the drawing board, however no easy solution exists...

@jrieken
Copy link
Member

jrieken commented Oct 24, 2019

Fixed via #83060. There is still a caveat when calling parse and accessing the components of an URI because those are decoded (see this test which documents the current behaviour). This is for compatibility reasons. Anyways, calling toString will return the correct result and do the right thing when opened in a browser etc

@jrieken jrieken closed this as completed Oct 24, 2019
@jrieken
Copy link
Member

jrieken commented Oct 30, 2019

re-opened via 58479e8

@jrieken jrieken reopened this Oct 30, 2019
@jrieken
Copy link
Member

jrieken commented Oct 30, 2019

/duplicate of #83645

Closing this as a duplicate of #83645 which is all about finding a way out of the URI nightmare.

@vscodebot vscodebot bot added the *duplicate Issue identified as a duplicate of another issue(s) label Oct 30, 2019
@vscodebot
Copy link

vscodebot bot commented Oct 30, 2019

Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for existing issues here. See also our issue reporting guidelines.

Happy Coding!

@vscodebot vscodebot bot closed this as completed Oct 30, 2019
@microsoft microsoft locked and limited conversation to collaborators Oct 30, 2019
@jrieken jrieken removed the *duplicate Issue identified as a duplicate of another issue(s) label Dec 2, 2019
@jrieken jrieken modified the milestones: October 2019, November 2019 Dec 2, 2019
@dbaeumer dbaeumer added the verified Verification succeeded label Dec 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Issue identified by VS Code Team member as probable bug uri verified Verification succeeded
Projects
None yet
Development

No branches or pull requests

7 participants