Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chinese Characters in URLs not allowed #1178

Open
1 task done
marcruef opened this issue Jan 31, 2024 · 1 comment
Open
1 task done

Chinese Characters in URLs not allowed #1178

marcruef opened this issue Jan 31, 2024 · 1 comment

Comments

@marcruef
Copy link
Contributor

marcruef commented Jan 31, 2024

Prerequisites

  • Put an X between the brackets on this line if you have done all of the following:
    • Checked the FAQs on the message board for common solutions: (TBD)
    • Checked that your issue isn't already filed.

Description

If a JSON contains an URL with Chinese characters the validation fails.

Steps to Reproduce

  1. Create a JSON file with an URL element
  2. Put something like https://github.com/4nNns/cveAdd/blob/developer/sqli/万户EZOFFICE%20前台SQL注入漏洞.md in it
  3. Try to upload the file

Expected behavior:

JSON file is accepted

Actual behavior:

JSON file is rejected

Reproduces how often:

100%

Versions

2.2.0

Additional Information

We had this problem with CVE-2024-1012 and encoded the URL to https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md to circumvent the error as a workaround.

@tschmidtb51
Copy link

Just a comment from the sidelines:

I think the behavior is correct: The JSON schema specifies uriType as `"format": "uri" and "according to RFC 3986". IMHO, this requires Chinese Characters to be percent-encoded.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Low Priority
Development

No branches or pull requests

3 participants