RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 09:04:59 +00:00
Code Issues Activity Actions

AK: Iterate the bytes of a URL query with an unsigned type

Browse source 
Otherwise, we percent-encode negative signed chars incorrectly. For
example, https://www.strava.com/login contains the following hidden
<input> field:

    <input name="utf8" type="hidden" value="✓" />

On submitting the form, we would percent-encode that field as:

    utf8=%-1E%-64%-6D

Which would cause us to receive an HTTP 500 response. We now properly
percent-encode that field as:

    utf8=%E2%9C%93

And can login to Strava :^)
This commit is contained in:
Timothy Flynn 2024-03-10 09:42:48 -04:00 committed by Andreas Kling
parent dc47210360
commit e3b5e24ce0
2 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
AK/URLParser.cpp
View file

@ -714,7 +714,7 @@ ErrorOr<String> URLParser::percent_encode_after_encoding(StringView input, URL::
StringBuilder output;
// 3. For each byte of encodeOutput converted to a byte sequence:
for (auto byte : input) {
for (u8 byte : input) {
// 1. If spaceAsPlus is true and byte is 0x20 (SP), then append U+002B (+) to output and continue.
if (space_as_plus && byte == ' ') {
output.append('+');