Remove forward slashes and equal signs as delimiters in query parameter values#7312
Remove forward slashes and equal signs as delimiters in query parameter values#7312AlexBachmann wants to merge 1 commit intoangular:masterfrom AlexBachmann:url_parser_issue
Conversation
|
I investigated the possiblity to remove the forward slash as a delimiter for matrix parameters as well, but this makes no sense, since this goes against the idea of using matrix paramters within the path segements themselves:
So the forward slash needs to remain a delimiter for matrix parameters. I propose tackeling #7314 first,and this one afterwards. |
|
👍 Ran into this same issue today with implementing authentication via an OAuth2 request to Google today and I can't use RouteParams to get the access code because of this issue. I'll have to use window.location.search for now, as much as it pains me to do so... |
|
this looks promising, sending to @btford for review |
|
Looks good, just doesn't pass lint. |
|
Thanks! Closing this PR as #7824 fixes the linting issues and includes all its changes. |
|
Same problem with brackets. Even if I escape them, the parameter value gets truncated at the first bracket. I am having to convert them to a completely different character and then convert them back afterwards. (I am using HashLocationStrategy, which may or may not be relevant) |
|
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
7 participants
Right now, url query parameter values are matched using the matchUrlSegement method in the UrlParser. This method returns all characters of a string that are not classified as delimiters in the semgement regular expression
SEGMENT_RE. One of the delimiters defined here is a forward slash, which makes sense, since the forward slash is a delimiter when it comes to segmenting the url path.However, within url queries, a forward slash is allowed and should not be handled as a delimiter. The best real world example I can give is an oAuth2 request to Google, which returns an authorization code via url query parameters. The redirect_url called by Google could look something like this:
http://your-host.com/oauth2callback/googleanalytics?code=4/B8o0n_Y7XZTb-pVKBw5daZyGAUbMljyLf7uNgTy6ja8&scope=https://www.googleapis.com/auth/analytics#Both, the authorization code and the scope parameter returned by Google contain forward slashes.
However, up until now, the url parser would parse the url and only recognize
code=4as a parameter and ignore the rest of the string, since the rest of the url string would not match the query string conventions.This is a bug which is addressed with this pull request.
NOTE: I also removed the equals sign (=) from the query value delimiter list. I was not sure about the other delimiters "(" ")" ";" and "#". Maybe they can also be removed as delimiters for query parameter values, but I'm not sure here.