fix($resource): add semicolon to whitelist of delimiters to unencode in URL params
The unencoding happens in methods `encodeUriQuery`/`encodeUriSegment`. Both core and `ngResource`
used to have identical implementations of these methods. Due to this duplication, the
implementations got out-of-sync.
Specifically, the semicolon has been added to the whitelist of unencoded characters in core since
`v1.3.0-beta.18`. See 3625803 for more info.
This commit fixes the problem and the underlying cause by reusing core's methods in `ngResource`.
(The methods are exposed as private helpers on `window.angular`.)
Closes #14309
This commit is contained in:
committed by
Georgios Kalpakas
parent
7a191eb400
commit
2456ab63a6
+1
-1
@@ -1394,7 +1394,7 @@ function encodeUriSegment(val) {
|
||||
* This method is intended for encoding *key* or *value* parts of query component. We need a custom
|
||||
* method because encodeURIComponent is too aggressive and encodes stuff that doesn't have to be
|
||||
* encoded per http://tools.ietf.org/html/rfc3986:
|
||||
* query = *( pchar / "/" / "?" )
|
||||
* query = *( pchar / "/" / "?" )
|
||||
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
|
||||
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
|
||||
* pct-encoded = "%" HEXDIG HEXDIG
|
||||
|
||||
@@ -152,9 +152,11 @@ function publishExternalAPI(angular) {
|
||||
'uppercase': uppercase,
|
||||
'callbacks': {$$counter: 0},
|
||||
'getTestability': getTestability,
|
||||
'reloadWithDebugInfo': reloadWithDebugInfo,
|
||||
'$$minErr': minErr,
|
||||
'$$csp': csp,
|
||||
'reloadWithDebugInfo': reloadWithDebugInfo
|
||||
'$$encodeUriSegment': encodeUriSegment,
|
||||
'$$encodeUriQuery': encodeUriQuery
|
||||
});
|
||||
|
||||
angularModule = setupModuleLoader(window);
|
||||
|
||||
@@ -514,49 +514,12 @@ angular.module('ngResource', ['ng']).
|
||||
this.$get = ['$http', '$log', '$q', '$timeout', function($http, $log, $q, $timeout) {
|
||||
|
||||
var noop = angular.noop,
|
||||
forEach = angular.forEach,
|
||||
extend = angular.extend,
|
||||
copy = angular.copy,
|
||||
isFunction = angular.isFunction;
|
||||
|
||||
/**
|
||||
* We need our custom method because encodeURIComponent is too aggressive and doesn't follow
|
||||
* http://www.ietf.org/rfc/rfc3986.txt with regards to the character set
|
||||
* (pchar) allowed in path segments:
|
||||
* segment = *pchar
|
||||
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
|
||||
* pct-encoded = "%" HEXDIG HEXDIG
|
||||
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
|
||||
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
|
||||
* / "*" / "+" / "," / ";" / "="
|
||||
*/
|
||||
function encodeUriSegment(val) {
|
||||
return encodeUriQuery(val, true).
|
||||
replace(/%26/gi, '&').
|
||||
replace(/%3D/gi, '=').
|
||||
replace(/%2B/gi, '+');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* This method is intended for encoding *key* or *value* parts of query component. We need a
|
||||
* custom method because encodeURIComponent is too aggressive and encodes stuff that doesn't
|
||||
* have to be encoded per http://tools.ietf.org/html/rfc3986:
|
||||
* query = *( pchar / "/" / "?" )
|
||||
* pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
|
||||
* unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
|
||||
* pct-encoded = "%" HEXDIG HEXDIG
|
||||
* sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
|
||||
* / "*" / "+" / "," / ";" / "="
|
||||
*/
|
||||
function encodeUriQuery(val, pctEncodeSpaces) {
|
||||
return encodeURIComponent(val).
|
||||
replace(/%40/gi, '@').
|
||||
replace(/%3A/gi, ':').
|
||||
replace(/%24/g, '$').
|
||||
replace(/%2C/gi, ',').
|
||||
replace(/%20/g, (pctEncodeSpaces ? '%20' : '+'));
|
||||
}
|
||||
forEach = angular.forEach,
|
||||
extend = angular.extend,
|
||||
copy = angular.copy,
|
||||
isFunction = angular.isFunction,
|
||||
encodeUriQuery = angular.$$encodeUriQuery,
|
||||
encodeUriSegment = angular.$$encodeUriSegment;
|
||||
|
||||
function Route(template, defaults) {
|
||||
this.template = template;
|
||||
|
||||
@@ -254,10 +254,14 @@ describe("basic usage", function() {
|
||||
$httpBackend.expect('GET', '/Path/foo%231').respond('{}');
|
||||
$httpBackend.expect('GET', '/Path/doh!@foo?bar=baz%231').respond('{}');
|
||||
$httpBackend.expect('GET', '/Path/herp$').respond('{}');
|
||||
$httpBackend.expect('GET', '/Path/foo;bar').respond('{}');
|
||||
$httpBackend.expect('GET', '/Path/foo?bar=baz;qux').respond('{}');
|
||||
|
||||
R.get({a: 'foo#1'});
|
||||
R.get({a: 'doh!@foo', bar: 'baz#1'});
|
||||
R.get({a: 'herp$'});
|
||||
R.get({a: 'foo;bar'});
|
||||
R.get({a: 'foo', bar: 'baz;qux'});
|
||||
});
|
||||
|
||||
it('should not encode @ in url params', function() {
|
||||
|
||||
Reference in New Issue
Block a user