Stray percent character in query parameter causes crash

[ammoniak]

Adding a stray percent character % somewhere in the query parameter of an API call crashes the api.
Example: http://staging.openki.net/api/0/json/venues?region=%
Actual output:

{
	"status": "error",
	"message": "Server error"
}

Expected output

{
	"status": "success",
	"data": []
}

[sablonier]

Vote for "Defect", not "Defect (not urgent)". In my opinion this is a serious url encoding issue.

[sablonier]

https://openki.net/find?categories=%humanities
https://openki.net/course/ZH33zGn6nhjunoFjW/circling%
Maybe "JSON-API:" should be removed in the title.
a serious url encoding issue
Vote for "Defect", not "Defect (not urgent)".

I see that the issue might be how "URIError: malformed URI sequence" is handled with decodeURIComponent in url-tools.js. It has to be thrown and there is no url encodign/decoding issue. Maybe it is more a question about how the exception is handled and what is finally done (currently API gives back non-specific errors, client stopps rendering etc).

[sbalmer]

If the client sends us a broken URL, they should get an error back. It would be good if we could send a proper 400 status code but other than that it is not an issue.

[sablonier]

Thank you for looking into this. Getting something back instead of a blank page is good anyway.