Opened 9 years ago

Closed 3 years ago

#10722 closed defect (wontfix)

queryToObject throws exception for malformed URI sequence

Reported by: MartinLogan Owned by: Bryan Forbes
Priority: high Milestone: 1.11
Component: IO Version: 1.4.0
Keywords: queryToObject, throws exception Cc: mlogan@…
Blocked By: Blocking:

Description

decodeURIComponent can throw an exception on a malformed sequence - e.g. In our case, a user either cut and pasted or was given a URL that ended %A1 - We are UTF 8 so that is invalid

I have attached a patch that ignores invalid param names / values.

I'm not sure if this is appropriate, but it did not seem to make sense that it was throwing and exception - Maybe it could return an additional attribute that says there were errors?

Attachments (1)

xhr.js.patch (839 bytes) - added by MartinLogan 9 years ago.

Download all attachments as: .zip

Change History (7)

Changed 9 years ago by MartinLogan

Attachment: xhr.js.patch added

comment:1 Changed 9 years ago by davidmark

Owner: changed from anonymous to davidmark
Status: newassigned

Cannot just wrap it in a try-catch. That is side-stepping the issue. First find out what is _causing_ the exception to be thrown.

I see isArray in there too. That is always suspect (and unneeded).

comment:2 Changed 9 years ago by davidmark

To avert the URIError, you could put the try-catch around just these two lines:-

var name = dec(parts.shift()); var val = dec(parts.join("="));

But why pass it a malformed URI at all? Perhaps you need a different function as this one is not equipped for malformed URI's.

And lose that isArray call. The tested value can be a string, undefined or an array. The typeof operator returns 'string', 'undefined' and 'object' respectively (so look for the last one). ;)

comment:3 Changed 9 years ago by dante

Owner: changed from davidmark to anonymous
Status: assignednew

comment:4 Changed 8 years ago by Chris Mitchell

Owner: anonymous deleted

comment:5 Changed 7 years ago by bill

Component: CoreIO
Owner: set to Bryan Forbes

You can close as wontfix if this is addressed with the new dojo/request code. Or is this not in the IO category?

comment:6 Changed 3 years ago by dylan

Milestone: tbd1.11
Resolution: wontfix
Status: newclosed

This was fixed with dojo/request. We have no plans to make further updates to the now deprecated dojo/_base/xhr

Note: See TracTickets for help on using tickets.