Opened 6 years ago

Closed 4 years ago

#17854 closed defect (patchwelcome)

dojo/store/JsonRest doesn't encode IDs with reserved characters

Reported by: doublecompile Owned by:
Priority: undecided Milestone: 1.11
Component: Data Version: 1.9.3
Keywords: Cc:
Blocked By: Blocking:

Description

The get, put, and remove functions of dojo/store/JsonRest simply concatenate the provided ID and the target to use for the request URL. Below is the example code from the get method.

return xhr("GET", {
	url: this.target + id,
	handleAs: "json",
	headers: headers
});

A problem arises when the ID contains a forward slash, e.g. 1234/5678. For example, if the target was http://example.com/rest/target/, the URL these functions create would be http://example.com/rest/target/1234/5678 when they should be generating http://example.com/rest/target/1234%2F5678.

The noted functions in dojo/store/JsonRest should use the encodeURIComponent function to avoid problems with reserved URL characters.

While one could use encodeURIComponent before passing the ID into the store functions, it requires knowledge that the store is a dojo/store/JsonRest. A developer wouldn't want to encode IDs going into a dojo/store/Memory, for example.

Change History (1)

comment:1 Changed 4 years ago by dylan

Milestone: tbd1.11
Resolution: patchwelcome
Status: newclosed

Will determine if this is an issue with dstore ( http://dstorejs.io/ ). Also would accept a pull request to address this for dojo/store.

Note: See TracTickets for help on using tickets.