Changeset 32772 for main


Timestamp:
02/13/19 17:46:00 (2 years ago)
Author:
ak19
Message:

Handling the whole set of reserved and unsafe characters listed at https://perishablepress.com/stop-using-unsafe-characters-in-urls/

File:
1 edited

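--- a/main/trunk/greenstone3/web/interfaces/default/js/document_scripts.js
+++ b/main/trunk/greenstone3/web/interfaces/default/js/document_scripts.js
@@ -25,8 +25,87 @@
 ********************/
 
-function makeURLSafe(url) {
-
-    url =  url.replace(/ /g, "%20").replace(/\//g, "%2F").replace(/\:/g, "%3A").replace(/=/g, "%3D").replace(/\[/g,"%5B").replace(/\]/g,"%5D");
-    return url;
+/*
+  Tomcat 8 appears to be stricter in requiring unsafe and reserved chars
+  in URLs to be escaped with URL encoding
+  See section "Character Encoding Chart of
+  https://perishablepress.com/stop-using-unsafe-characters-in-urls/
+  Reserved chars:
+     ; / ? : @ = &
+     ----->  %3B %2F %3F %3A %40 %3D %26
+  Unsafe chars:
+     " < > # % { } | \ ^ ~ [ ] ` and SPACE/BLANK
+     ----> %22 %3C %3E %23 %25 %7B %7D %7C %5C %5E ~ %5B %5D %60 and %20
+  But the above conflicts with the reserved vs unreserved listings at
+     https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
+  Possibly more info: https://stackoverflow.com/questions/1547899/which-characters-make-a-url-invalid
+
+*/
+/* URL encode RESERVED characters in a non-URL context of a URL, such as the inline template (ilt) parameter value of a URL */
+function makeSafeForURL(url_part) {
+    // https://stackoverflow.com/questions/7368407/javascript-replace-a-set-of-characters-with-another-one
+    var reserved_mappings = {
+    ';': '%3B',
+    '/': '%2F',
+    '?': '%3F',
+    ':': '%3A',
+    '@': '%40',
+    '=': '%3D',
+    '&': '%26'
+    };
+   
+    encode_percentages = 1; // to force the URL-encoding of any % in url_part, do this for inline-templates that haven't ever been encoded
+    url_part = makeURLSafe(url_part, encode_percentages);
+
+    var url_encoded = url_part.replace(/[\;\/\?\:\@\=\&]/g, function(s) {
+    return reserved_mappings[s];
+    });
+   
+    //var url_encoded = url_part.replace(/;/g, "%3B").replace(/\//g, "%2F").replace(/\?/g, "%3F").replace(/\:/g, "%3A").replace(/\@/g, "%40").replace(/=/g, "%3D").replace(/\&/g,"%26");
+    return url_encoded;
+}
+
+/*
+   URL encode UNSAFE characters to make URL valid
+   Set encode_percentages to 1 (true) if the url isn't already partly URL encoded
+*/
+function makeURLSafe(url, encode_percentages) {
+    // https://stackoverflow.com/questions/12797118/how-can-i-declare-optional-function-parameters-in-javascript
+    encode_percentages = encode_percentages || 0;
+   
+    var unsafe_mappings = {
+    ' ': '%20',
+    '"': '%22',
+    '<': '%3C',
+    '>': '%3E',
+    '#': '%23',
+    '{': '%7B',
+    '}': '%7D',
+    '|': '%7C',
+    '\\': '%5C',
+    '^': '%5E',
+    //'~': '~', // unreserved char (but is it then unsafe?), as per https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
+    '[': '%5B',
+    ']': '%5D',
+    '`': '%60'
+    };   
+
+    var url_encoded = url;
+    if(encode_percentages) {
+    // https://stackoverflow.com/questions/1168807/how-can-i-add-a-key-value-pair-to-a-javascript-object
+    //unsafe_mappings["%"] = "%25";
+    url_encoded = url_encoded.replace(/\%/g,"%25"); // encode % first
+
+    }
+    url_encoded = url_encoded.replace(/[\ \"\<\>\#\{\}\|\\\^\[\]\`]/g, function(s) {
+    return unsafe_mappings[s];
+    });
+   
+
+    //var url_encoded = url;
+    ///if(encode_percentages) { url_encoded = url_encoded.replace(/\%/g,"%25"); } // encode % first
+    //url_encoded = url_encoded.replace(/ /g, "%20").replace(/\"/g,"%22").replace(/\</g,"%3C").replace(/\>/g,"%3E").replace(/\#/g,"%23").replace(/\{/g,"%7B").replace(/\}/g,"%7D");
+    //url_encoded = url_encoded.replace(/\|/g,"%7C").replace(/\\/g,"%5C").replace(/\^/g,"%5E").replace(/\[/g,"%5B").replace(/\]/g,"%5D").replace(/\`/g,"%60");
+   
+    return url_encoded;
 }
 
@@ -47,5 +126,5 @@
     template += '</xsl:template>';
    
-    template = makeURLSafe(template);
+    template = makeSafeForURL(template);
    
     var hlCheckBox = document.getElementById("highlightOption");
@@ -117,5 +196,5 @@
     template += '</xsl:template>';
 
-    template = makeURLSafe(template);
+    template = makeSafeForURL(template);
     var url = gs.xsltParams.library_name + "/collection/" + gs.cgiParams.c + "/document/" + sectionID + "?ilt=" + template;
 
@@ -686,5 +765,5 @@
     ilt += '</xsl:template>';
    
-    ilt = makeURLSafe(ilt);
+    ilt = makeSafeForURL(ilt);
 
 
@@ -951,5 +1030,5 @@
         template +=   '</html>';
         template += '</xsl:template>';
-    template = makeURLSafe(template);
+    template = makeSafeForURL(template);
         var url = href + "?noText=1&ilt=" + template;
 
@@ -1355,5 +1434,5 @@
     template +=   ']</images>';
     template += '</xsl:template>';
-    template = makeURLSafe(template);
+    template = makeSafeForURL(template);
     var url = gs.xsltParams.library_name + "/collection/" + gs.cgiParams.c + "/document/" + gs.cgiParams.d + "?ed=1&ilt=" + template;
 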
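Review bot: makeSafeForURL escapes only the characters listed in its two lookup tables, so anything outside them still reaches the `ilt` query value raw: `+` (normally decoded as a space in a query string), control characters such as newlines, and any non-ASCII text. The value is a whole XSLT template appended after `?ilt=` at the call sites, and the built-in covers both enumerated sets plus `%` in one pass, so the body could reduce to `return encodeURIComponent(url_part);`. Whether the templates built in this file ever contain those characters is not visible in these hunks, so this is hardening rather than a confirmed break. Separately, `encode_percentages = 1;` in the same function assigns without `var` and creates an implicit global; `var encode_percentages = 1;` keeps it local.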