mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Percent-encode URL path when reporting spam

Browse source
This commit is contained in:
Evan Hahn 2023-01-19 13:53:04 -06:00 committed by GitHub
parent 6ddb12cd99
commit 7f0ed2599d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 27 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
ts/test-both/util/url_test.ts
View file

@ -4,7 +4,11 @@
import { assert } from 'chai'; import { assert } from 'chai';
import { size } from '../../util/iterables'; import { size } from '../../util/iterables';
import { maybeParseUrl, setUrlSearchParams } from '../../util/url'; import {
maybeParseUrl,
setUrlSearchParams,
urlPathFromComponents,
} from '../../util/url';
describe('URL utilities', () => { describe('URL utilities', () => {
describe('maybeParseUrl', () => { describe('maybeParseUrl', () => {
@ -84,4 +88,18 @@ describe('URL utilities', () => {
assert.strictEqual(newUrl.search, '?foo=bar'); assert.strictEqual(newUrl.search, '?foo=bar');
}); });
}); });
describe('urlPathFromComponents', () => {
it('returns / if no components are provided', () => {
assert.strictEqual(urlPathFromComponents([]), '/');
});
it('joins components, percent-encoding them and removing empty components', () => {
const components = ['foo', '', '~', 'bar / baz qúx'];
assert.strictEqual(
urlPathFromComponents(components),
'/foo/~/bar%20%2F%20baz%20q%C3%BAx'
);
});
});
}); });

4
ts/textsecure/WebAPI.ts
View file

@ -54,7 +54,7 @@ import type {
} from './Types.d'; } from './Types.d';
import { handleStatusCode, translateError } from './Utils'; import { handleStatusCode, translateError } from './Utils';
import * as log from '../logging/log'; import * as log from '../logging/log';
import { maybeParseUrl } from '../util/url'; import { maybeParseUrl, urlPathFromComponents } from '../util/url';
// Note: this will break some code that expects to be able to use err.response when a // Note: this will break some code that expects to be able to use err.response when a
// web request fails, because it will force it to text. But it is very useful for // web request fails, because it will force it to text. But it is very useful for
@ -1780,7 +1780,7 @@ export function initialize({
await _ajax({ await _ajax({
call: 'reportMessage', call: 'reportMessage',
httpType: 'POST', httpType: 'POST',
urlParameters: `/${senderUuid}/${serverGuid}`, urlParameters: urlPathFromComponents([senderUuid, serverGuid]),
responseType: 'bytes', responseType: 'bytes',
}); });
} }

6
ts/util/url.ts
View file

@ -33,3 +33,9 @@ function cloneUrl(url: Readonly<URL>): URL {
function stringifySearchParamValue(value: unknown): string { function stringifySearchParamValue(value: unknown): string {
return value == null ? '' : String(value); return value == null ? '' : String(value);
} }
export function urlPathFromComponents(
components: ReadonlyArray<string>
): string {
return `/${components.filter(Boolean).map(encodeURIComponent).join('/')}`;
}