pathname . collapsing triggering too much
#156
Comments
|
Yes, this is a bug in the spec. The algorithm here: https://wicg.github.io/urlpattern/#canonicalize-a-pathname Creates a fakes URL and assigns the character to encode to the end of the pathname. A |
This commit fixes an issue where '.' and '..' could be incorrectly removed from a pathname during parsing. This would happen in cases where the encoding callback saw the '.' or '..' individually without surrounding characters. This would cause the algorithm to encode them as '/.' or '/..' which the URL parser collapses to just '/'. To avoid this behavior we explicitly check for '.' and '..' values so they can be immediately returned without encoding.
This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc
This commit fixes an issue where '.' and '..' could be incorrectly removed from a pathname during parsing. This would happen in cases where the encoding callback saw the '.' or '..' individually without surrounding characters. This would cause the algorithm to encode them as '/.' or '/..' which the URL parser collapses to just '/'. To avoid this behavior we explicitly check for '.' and '..' values so they can be immediately returned without encoding.
This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399610 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960622}
|
Hmm, I patched the immediate issue, but I'm not sure its adequate now. Consider On the flip side, though, what would we expect for I need to think about what the correct fix is here. |
This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399610 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960622}
|
I think maybe the solution could be pre-pending a prefix like "/-" before we pass a value to the URL pathname parser if the value does not already start with a slash. Then we would strip it back off at the end. |
|
I think this could benefit from some discussion with users, if possible. It kind of depends how much people expect these sort of strings to be "path-like" (where |
|
I'm not sure users will have a strong informed opinion here. Its a bit esoteric. Also, there is a rationale for the chromium behavior. We only perform The issue with the non-chromium behavior is an artifact of how we have to use the URL parser algorithm that implicitly inserts a leading I also think keeping Having thought this through more I feel pretty strongly that we should stick with the chromium behavior. |
|
FWIW, prepending |
This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399610 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960622}
This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a
wanderview
changed the title
/:foo. not acting correctly. collapsing triggering too much
|
Another issue I thought of is This one would be a bit more complex to fix. We would have to do something like check for additional content after a trailing We could also just leave this as a quirk of the API, but I worry that the "match dotfiles" case might actually be something people will hit. There is a work around with |
This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399895 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960951}
This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399895 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960951}
This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399895 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960951}
|
I decided to move #156 (comment) off into its own issue at #159. |
This commit does a better job of protecting `.` and `..` sequences in the encoding callback by disabling the automatic insertion of a leading slash. Without this change we `:foo./` would get converted to just `:foo` which is incorrect.
This commit does a better job of protecting `.` and `..` sequences in the encoding callback by disabling the automatic insertion of a leading slash. Without this change we `:foo./` would get converted to just `:foo` which is incorrect.
This commit does a better job of protecting `.` and `..` sequences in the encoding callback by disabling the automatic insertion of a leading slash. Without this change we `:foo./` would get converted to just `:foo` which is incorrect.
….' and '..' in pathname., a=testonly Automatic update from web-platform-tests URLPattern: Add WPT cases for isolated '.' and '..' in pathname. This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399610 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960622} -- wpt-commits: fd132aec57c531fdbb71cc7cd18aed97a8e3492a wpt-pr: 32440
…'..'., a=testonly Automatic update from web-platform-tests URLPattern: More WPT tests with '.' and '..'. This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399895 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960951} -- wpt-commits: b717651264109d1ac96e922431b7b846ba8d599f wpt-pr: 32442
….' and '..' in pathname., a=testonly Automatic update from web-platform-tests URLPattern: Add WPT cases for isolated '.' and '..' in pathname. This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399610 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960622} -- wpt-commits: fd132aec57c531fdbb71cc7cd18aed97a8e3492a wpt-pr: 32440
…'..'., a=testonly Automatic update from web-platform-tests URLPattern: More WPT tests with '.' and '..'. This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399895 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960951} -- wpt-commits: b717651264109d1ac96e922431b7b846ba8d599f wpt-pr: 32442
This CL adds WPT test cases for the issue described in: whatwg/urlpattern#156 Note, chromium does not suffer from the bug in the spec and already passes the tests. Change-Id: I121fe82bf1cdcb5b0ef6634d51d4f58beb57a2bc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399610 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960622} NOKEYCHECK=True GitOrigin-RevId: 568c89e80683904edfdd6f313983768407509b5e
This CL adds some more test cases for issues discussed in: whatwg/urlpattern#156 Change-Id: I885a61aa6be3d416babfa7c23b19465d0c63d07a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3399895 Reviewed-by: Domenic Denicola <[email protected]> Commit-Queue: Ben Kelly <[email protected]> Cr-Commit-Position: refs/heads/main@{#960951} NOKEYCHECK=True GitOrigin-RevId: 9b537a98e0581fde0e94987363584c06afdb3184
test code:
Chrome:
urlpattern-polyfill:
deno currently panics, but with a quick fix for the panic, i reach same result as urlpattern-polyfill. Is something missing in the spec?
The text was updated successfully, but these errors were encountered: