From e3b5e24ce0dfd23a1af86beff2b45a4fa7f73e73 Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Sun, 10 Mar 2024 09:42:48 -0400
Subject: [PATCH] AK: Iterate the bytes of a URL query with an unsigned type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Otherwise, we percent-encode negative signed chars incorrectly. For example, https://www.strava.com/login contains the following hidden field: On submitting the form, we would percent-encode that field as: utf8=%-1E%-64%-6D Which would cause us to receive an HTTP 500 response. We now properly percent-encode that field as: utf8=%E2%9C%93 And can login to Strava :^)
---
 AK/URLParser.cpp | 2 +-
 Tests/AK/TestURL.cpp | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/AK/URLParser.cpp b/AK/URLParser.cpp
index 8bced4200f..1062937e24 100644
--- a/AK/URLParser.cpp
+++ b/AK/URLParser.cpp
@@ -714,7 +714,7 @@ ErrorOr URLParser::percent_encode_after_encoding(StringView input, URL::
 StringBuilder output;
 // 3. For each byte of encodeOutput converted to a byte sequence:
- for (auto byte : input) {
+ for (u8 byte : input) {
 // 1. If spaceAsPlus is true and byte is 0x20 (SP), then append U+002B (+) to output and continue.
 if (space_as_plus && byte == ' ') {
 output.append('+');
diff --git a/Tests/AK/TestURL.cpp b/Tests/AK/TestURL.cpp
index aed1bf7e6d..61b5499b05 100644
--- a/Tests/AK/TestURL.cpp
+++ b/Tests/AK/TestURL.cpp
@@ -438,6 +438,15 @@ TEST_CASE(unicode)
 EXPECT(!url.fragment().has_value());
 }
+TEST_CASE(query_with_non_ascii)
+{
+ URL url { "http://example.com/?utf8=✓"sv };
+ EXPECT(url.is_valid());
+ EXPECT_EQ(url.serialize_path(), "/"sv);
+ EXPECT_EQ(url.query(), "utf8=%E2%9C%93");
+ EXPECT(!url.fragment().has_value());
+}
+
 TEST_CASE(complete_file_url_with_base)
 {
 URL url { "file:///home/index.html" };
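Review bot: The `u8` in `for (u8 byte : input)` is what keeps bytes at or above 0x80 from being formatted as negative numbers, but nothing on the line says so, and a later cleanup back to `auto` would silently bring the `%-1E` style output back. I would add a comment above the loop such as `// NOTE: Iterate as u8; a signed char >= 0x80 would be formatted as a negative hex value.` Other loops that format bytes taken from a StringView through `auto` may have the same problem and are worth a search, though none are visible in this hunk. The body of percent_encode_after_encoding starts and ends outside the hunk.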
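Review bot: query_with_non_ascii pins only the URL-parsing path, while the failure described in the commit message was seen on form submission, which presumably reaches the same loop with `space_as_plus` set; that branch is not exercised by this test. A second case that goes through the form-encoding entry point with a value containing both a space and a non-ASCII character would pin the `+` branch and the high-byte branch together. A one-line comment above the test, `// Regression: bytes >= 0x80 in the query must be percent-encoded as unsigned values.`, would also tell readers why the case exists.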