Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Internal server error on requesting an unescaped URL #1

Closed
Rob--W opened this issue May 22, 2012 · 5 comments
Closed

Internal server error on requesting an unescaped URL #1

Rob--W opened this issue May 22, 2012 · 5 comments

Comments

@Rob--W
Copy link

Rob--W commented May 22, 2012

Some characters in the request URI are causing trouble. I first noticed the bug on the space character. Using %20 or + yields the same error. Upon further investigation, I've found many other characters which break the service:

  • Anything between (inclusive) 0x01 and 0x20. These include the tab, carriage return, line feed and space characters.
  • " (%22) - Double quote
  • % (%25) - Percent sign
  • Backslash, square brackets, curly braces, and probably many more.

Examples:

Current solution

The current method to get it to work is to escape the URL twice:

var actualrequest = 'http://example.com/" test+%';
var jsonp_request = 'http://whateverorigin.org/get?url=' + encodeURIComponent(encodeURI(actualrequest));

This looks awkward. encodeURI should not be needed.
@ripper234
Copy link
Owner

Thanks for reporting, I'll take a look later this week / weekend.

@ripper234
Copy link
Owner

Fixed, added a call to UriEncoder.encode.

@Rob--W
Copy link
Author

Rob--W commented Jan 17, 2013

Encoding the URL again is not a solution.

It appears that Play was bugged at the time of reporting this issue. The relevant report can be found here: https://play.lighthouseapp.com/projects/82401-play-20/tickets/285. Can you revert this commite98331e, and test again using the URLs I provided in the first post?

I guess that reverting the commit also fixes #2,

Let me know when you've deployed it.

PS. I ran across this page, you might like it: http://playcheatsheet.appspot.com/show/ArtemMedeu/armed/play-cheatsheets

@ripper234
Copy link
Owner

Sorry, busy time - I don't have the time right now to test this, and I don't want to push it without testing.
Could you test it out and send out a pull request?

I'm not sure the bug you linked to is relevant, it is in Play 2, and I'm using Play 1 (entirely different codebase).

@skeeto
Copy link

skeeto commented Mar 5, 2014

Rob--W is correct. This issue is originally a bug in Play. e98331e introduces an encoding bug in WhateverOrigin, leading to #2. I'm now having problems with it as well.

@niksy niksy mentioned this issue Nov 2, 2014
Closed
navr677 pushed a commit to navr677/navr677 that referenced this issue Sep 4, 2016
@ripper234
Encode URL (issue 1 - ripper234/Whatever-Origin#1)
e98331e
ripper234 pushed a commit that referenced this issue Dec 29, 2016
@AstroCB
Merge pull request #1 from ripper234/master
9e04f0b 
Update readme.markdown
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@skeeto @ripper234 @Rob--W