fix($resource): add semicolon to whitelist of delimiters to unencode in URL params

The unencoding happens in methods `encodeUriQuery`/`encodeUriSegment`. Both core and `ngResource`
used to have identical implementations of these methods. Due to this duplication, the
implementations got out-of-sync.

Specifically, the semicolon has been added to the whitelist of unencoded characters in core since
`v1.3.0-beta.18`. See 3625803 for more info.

This commit fixes the problem and the underlying cause by reusing core's methods in `ngResource`.
(The methods are exposed as private helpers on `window.angular`.)

Closes #14309
This commit is contained in:
Nicholas Serra
2016-03-23 13:37:57 -04:00
committed by Georgios Kalpakas
parent 7a191eb400
commit 2456ab63a6
4 changed files with 14 additions and 45 deletions
+1 -1
View File
@@ -1394,7 +1394,7 @@ function encodeUriSegment(val) {
* This method is intended for encoding *key* or *value* parts of query component. We need a custom
* method because encodeURIComponent is too aggressive and encodes stuff that doesn't have to be
* encoded per http://tools.ietf.org/html/rfc3986:
* query = *( pchar / "/" / "?" )
* query = *( pchar / "/" / "?" )
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
* pct-encoded = "%" HEXDIG HEXDIG
+3 -1
View File
@@ -152,9 +152,11 @@ function publishExternalAPI(angular) {
'uppercase': uppercase,
'callbacks': {$$counter: 0},
'getTestability': getTestability,
'reloadWithDebugInfo': reloadWithDebugInfo,
'$$minErr': minErr,
'$$csp': csp,
'reloadWithDebugInfo': reloadWithDebugInfo
'$$encodeUriSegment': encodeUriSegment,
'$$encodeUriQuery': encodeUriQuery
});
angularModule = setupModuleLoader(window);
+6 -43
View File
@@ -514,49 +514,12 @@ angular.module('ngResource', ['ng']).
this.$get = ['$http', '$log', '$q', '$timeout', function($http, $log, $q, $timeout) {
var noop = angular.noop,
forEach = angular.forEach,
extend = angular.extend,
copy = angular.copy,
isFunction = angular.isFunction;
/**
* We need our custom method because encodeURIComponent is too aggressive and doesn't follow
* http://www.ietf.org/rfc/rfc3986.txt with regards to the character set
* (pchar) allowed in path segments:
* segment = *pchar
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
* pct-encoded = "%" HEXDIG HEXDIG
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
* / "*" / "+" / "," / ";" / "="
*/
function encodeUriSegment(val) {
return encodeUriQuery(val, true).
replace(/%26/gi, '&').
replace(/%3D/gi, '=').
replace(/%2B/gi, '+');
}
/**
* This method is intended for encoding *key* or *value* parts of query component. We need a
* custom method because encodeURIComponent is too aggressive and encodes stuff that doesn't
* have to be encoded per http://tools.ietf.org/html/rfc3986:
* query = *( pchar / "/" / "?" )
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
* pct-encoded = "%" HEXDIG HEXDIG
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
* / "*" / "+" / "," / ";" / "="
*/
function encodeUriQuery(val, pctEncodeSpaces) {
return encodeURIComponent(val).
replace(/%40/gi, '@').
replace(/%3A/gi, ':').
replace(/%24/g, '$').
replace(/%2C/gi, ',').
replace(/%20/g, (pctEncodeSpaces ? '%20' : '+'));
}
forEach = angular.forEach,
extend = angular.extend,
copy = angular.copy,
isFunction = angular.isFunction,
encodeUriQuery = angular.$$encodeUriQuery,
encodeUriSegment = angular.$$encodeUriSegment;
function Route(template, defaults) {
this.template = template;
+4
View File
@@ -254,10 +254,14 @@ describe("basic usage", function() {
$httpBackend.expect('GET', '/Path/foo%231').respond('{}');
$httpBackend.expect('GET', '/Path/doh!@foo?bar=baz%231').respond('{}');
$httpBackend.expect('GET', '/Path/herp$').respond('{}');
$httpBackend.expect('GET', '/Path/foo;bar').respond('{}');
$httpBackend.expect('GET', '/Path/foo?bar=baz;qux').respond('{}');
R.get({a: 'foo#1'});
R.get({a: 'doh!@foo', bar: 'baz#1'});
R.get({a: 'herp$'});
R.get({a: 'foo;bar'});
R.get({a: 'foo', bar: 'baz;qux'});
});
it('should not encode @ in url params', function() {