Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Wrap URL string in quotes to avoid escaping issues #37020

Closed

Conversation

niloc132
Copy link

@niloc132 niloc132 commented Mar 2, 2023

This ensures that the browser will expect that single-quotes in the url string are not the end of the string, but part of the url.

Fixes #31224
Signed-off-by: Colin Alworth [email protected]

Summary

The "file picker" dialog was previously not able to display previews for files if there was a ' character in their path. This fix wraps the string passed to the css url() function with double-quotes, since URLs must escape double quotes (so additional quoting won't be required, whereas if the wrapping was done with a single-quote, then additional single-quotes in the URL would need to be further escaped). This is the simplest fix to ensure that properly-encoded URLs will be recognized by the browser.

TODO

N/A

Checklist

  • Code is properly formatted
  • Sign-off message is added to all commits
  • Tests (unit, integration, api and/or acceptance) are included (Appears to not apply, I am not seeing testing for this kind of change, please direct me if this is incorrect)
  • Screenshots before/after for front-end changes
  • Documentation (manuals or wiki) has been updated or is not required (not required)
  • Backports requested where applicable (ex: critical bugfixes) (N/A)

Before:
image

After:
image

There are some other notes that js should be built and checked in, but it isn't clear to me if CI should do that. The current settings for Github CodeSpaces cannot run the make dev-setup command in its present configuration, and I haven't figured out the precise combination that should build without changes at current HEAD, so any change I make appears to modify every file in dist/.

This ensures that the browser will expect that single-quotes in the url
string are not the end of the string, but part of the url.

Fixes nextcloud#31224
Signed-off-by: Colin Alworth <[email protected]>
@szaimen szaimen added this to the Nextcloud 26 milestone Mar 2, 2023
@szaimen szaimen added bug 3. to review Waiting for reviews labels Mar 2, 2023
@szaimen szaimen requested review from skjnldsv, Pytal, a team and szaimen and removed request for a team March 2, 2023 23:01
core/src/OC/dialogs.js Outdated Show resolved Hide resolved
@niloc132
Copy link
Author

niloc132 commented Mar 2, 2023

Should I also modify the filepicker.html file to include these quotes, even though that part of the template is replaced by this JS?

@Pytal
Copy link
Member

Pytal commented Mar 2, 2023

Should I also modify the filepicker.html file to include these quotes, even though that part of the template is replaced by this JS?

Sure :)

@niloc132
Copy link
Author

niloc132 commented Mar 3, 2023

Just my luck to have a major outage in GHA when I try to make my first PR to this project..

image

https://www.githubstatus.com/

@szaimen szaimen closed this Mar 3, 2023
@szaimen szaimen reopened this Mar 3, 2023
@szaimen szaimen enabled auto-merge March 3, 2023 22:07
@blizzz blizzz mentioned this pull request Mar 7, 2023
@blizzz blizzz modified the milestones: Nextcloud 26, Nextcloud 27 Mar 7, 2023
@niloc132
Copy link
Author

Anything else I can/should do to help this along?

@szaimen
Copy link
Contributor

szaimen commented Mar 11, 2023

Yes, please rebase on top of master, run npm run build and commit all files here. Thanks!

@niloc132
Copy link
Author

I'm afraid I can't follow the setup instructions locally (I'm not going to be giving sudo rights to npm), and the codespaces setup doesn't work (wrong npm/node versions, and an hour of trial and error couldn't get it to have the right ones). The closest I could get with codespaces (as noted in my description) would modify every file in dist/, so it seems the expected setup is very specific. Is there an accurate setup doc that I can follow, or is there a CI step that can provide the expected output for those files?

@szaimen
Copy link
Contributor

szaimen commented Mar 11, 2023

Yes, there is a command available that would do this automatically. Unfortunately it does not work for forks.

However did you already try npm ci after the rebase and the npm run build? I unfortunately forgot to mention this.

@niloc132
Copy link
Author

For what its worth, I created the codespace on the main repo, and only created a fork after I wasn't able to build (and manually edited the already-minified js file to test my fix directly).

I'll rebase and npm ci, run build and post any updates.

@szaimen
Copy link
Contributor

szaimen commented Apr 17, 2023

I'll rebase and npm ci, run build and post any updates.

Hi @niloc132 any update on this? :)

@szaimen szaimen removed the 3. to review Waiting for reviews label Apr 26, 2023
@szaimen szaimen added the 2. developing Work in progress label Apr 26, 2023
This was referenced May 3, 2023
@blizzz blizzz mentioned this pull request May 17, 2023
@blizzz blizzz modified the milestones: Nextcloud 27, Nextcloud 28 May 23, 2023
@skjnldsv skjnldsv changed the base branch from master to stable27 September 2, 2023 07:10
@skjnldsv
Copy link
Member

skjnldsv commented Sep 2, 2023

Closing as 27 and 28 got a new picker

@skjnldsv skjnldsv closed this Sep 2, 2023
auto-merge was automatically disabled September 2, 2023 07:14

Pull request was closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2. developing Work in progress bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[Bug]: The preview of the personal wallpapers of the dashboard is not displayed
5 participants