Wrong usage of JS functions (Appendix: Leveraging Dev Tools - Encoding and Decoding) #1070

Open
ukusormus opened this issue Jun 22, 2023 · 1 comment · May be fixed by #1085
Labels
revise Needs quality review, updates, or revision
@ukusormus

What's the issue?

In Appendix: Leveraging Dev Tools > Encoding and Decoding:

  • Suggesting use of escape() and unescape() JavaScript functions for HTML encoding/decoding, while:

    • these functions do not actually encode/decode HTML in the traditional sense (HTML entities). Actual behavior:
    > escape("<script>")
    '%3Cscript%3E'
    
  • Suggesting use of encodeURIComponent() and decodeURIComponent() for URL encoding/decoding, while:

    • these functions are meant to encode/decode URL parameter values, not full URLs, e.g.:
    > encodeURIComponent("https://www.example.com/?key=valuew/slash")
    'https%3A%2F%2Fwww.example.com%2F%3Fkey%3Dvaluew%2Fslash'
    

How do we solve it?

@ukusormus ukusormus added help wanted revise Needs quality review, updates, or revision labels Jun 22, 2023
@kingthorin
Collaborator

kingthorin commented Jun 22, 2023

Thanks @ukusormus, feel up for tackling the change(s)?

How do we solve it?
Remove current form of HTML encoding/decoding. Maybe look for a better JavaScript solution or omit it entirely?

Let's omit it.

Rename the usage of URL encode/decode to reflect that they're meant for URL parameter values, and/or add encodeURI() also. See more: When are you supposed to use escape instead of encodeURI / encodeURIComponent? - an answer on Stack Overflow

Clarify what it's meant for, and add encodeURI().
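
The distinction raised in this issue, shown as an added example that is not part of the issue or of the WSTG appendix: escape() percent-encodes rather than producing HTML entities, and encodeURI() leaves query delimiters intact where encodeURIComponent() does not. The helper names (htmlEntityEncode, htmlEntityDecode, buildUrl, parseQuery, demo) are hypothetical and the sample parameter value is constructed.

```javascript
// Added example; helper names are hypothetical, sample inputs are constructed.

// HTML entity encoding: the five characters significant to the HTML parser
// in text and quoted-attribute contexts.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function htmlEntityEncode(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Inverse for the same five entities, done in a single pass so that
// '&amp;lt;' decodes to '&lt;' and is not decoded a second time to '<'.
const HTML_DECODE = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };
function htmlEntityDecode(text) {
  return String(text).replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => HTML_DECODE[name]);
}

// encodeURIComponent() is applied to each key and value separately, so
// reserved characters inside a value cannot be read as URL structure.
function buildUrl(base, params) {
  const query = Object.entries(params)
    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    .join('&');
  return query ? `${base}?${query}` : base;
}

// Query parameters as a standards-based (WHATWG URL) parser sees them.
function parseQuery(url) {
  return Object.fromEntries(new URL(url).searchParams);
}

function demo() {
  const value = 'valuew/slash&x=1 y'; // constructed value containing '&' and '='
  // encodeURI() on the whole URL keeps '&' and '=' as delimiters.
  const whole = encodeURI('https://www.example.com/?key=' + value);
  const perValue = buildUrl('https://www.example.com/', { key: value });
  return {
    escapeOut: escape('<script>'),           // percent-encoding, not HTML entities
    entityOut: htmlEntityEncode('<script>'), // actual HTML entity encoding
    whole, wholeParams: parseQuery(whole),
    perValue, perValueParams: parseQuery(perValue),
  };
}

console.log(demo());
```

With encodeURI() the single value is parsed as two parameters (key and x); with per-value encodeURIComponent() it round-trips as one.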
