Opened 14 years ago

Closed 14 years ago

Last modified 12 years ago

#124 closed defect (fixed)

'+' isn't properly escaped for bind requests

Reported by: david Owned by: david
Priority: high Milestone:
Component: General Version: 0.1
Keywords: bind encoding Cc:
Blocked By: Blocking:

Description

bind using a formNode that has a field with a value with a '+' in it and try a GET (haven't tested POST) and the '+' will get passed in the clear. This is bad because '+' are read as spaces by servers.

Change History (5)

comment:1 Changed 14 years ago by david

Status: newassigned

comment:2 Changed 14 years ago by alex

Milestone: 0.1release

So I'm wary of this bug because we're relying on the built-in encodeURIComponent() method in JS in most cases, so if the plus char isn't getting escaped correctly, that would seem to be something we shouldn't really be handling. OTOH, it could be our bug in encodeAscii(). Either way, it should be cleared up for 0.2.

comment:3 Changed 14 years ago by alex

Milestone: 0.1release0.2release

So I'm wary of this bug because we're relying on the built-in encodeURIComponent() method in JS in most cases, so if the plus char isn't getting escaped correctly, that would seem to be something we shouldn't really be handling. OTOH, it could be our bug in encodeAscii(). Either way, it should be cleared up for 0.2.

comment:4 Changed 14 years ago by david

Resolution: fixed
Status: assignedclosed

This was fixed in [1630].

comment:5 Changed 12 years ago by (none)

Milestone: 0.2release

Milestone 0.2release deleted

Note: See TracTickets for help on using tickets.