Reviewers: your-friendly-neighborhood-cajador_gmail.com,
Description:
When Caja's ResolveUriStage resolves the source URL in a script
node, the "&amp;" gets rewritten to "&amp%3b".
I have narrowed the issue down to UriUtil#normalizeQuery (correctly)
escaping semicolon in query strings.
ResolveUriStage#resolveRelativeUrls should be unescaping HTML entities
before calling UriUtil.resolve and escaping HTML entities afterwards.
Example:
<html><body>
<script src="http://example.com/path/?a=1&b=2">
</body></html>
Please review this at http://codereview.appspot.com/1945041/show
Affected files:
M src/com/google/caja/plugin/stages/ResolveUriStage.java
M tests/com/google/caja/plugin/stages/ResolveUriStageTest.java
Index: tests/com/google/caja/plugin/stages/ResolveUriStageTest.java
===================================================================
--- tests/com/google/caja/plugin/stages/ResolveUriStageTest.java (revision
4233)
+++ tests/com/google/caja/plugin/stages/ResolveUriStageTest.java (working
copy)
@@ -33,6 +33,22 @@
ContentType.HTML));
}
+ public final void testLinkWithEscapedEntities() throws Exception {
+ assertPipeline(
+ job("<a href=http://example.com/bar?a=1&b=2>foo</a>",
+ ContentType.HTML),
+ job("<a href=\"http://example.com/bar?a=1&b=2\">foo</a>",
+ ContentType.HTML));
+ }
+
+ public final void testLinkWithUnEscapedEntities() throws Exception {
+ assertPipeline(
+ job("<a href=http://example.com/bar?a=1&b=2>foo</a>",
+ ContentType.HTML),
+ job("<a href=\"http://example.com/bar?a=1&b=2\">foo</a>",
+ ContentType.HTML));
+ }
+
public final void testAnchorOnly() throws Exception {
assertPipeline(
job("<a href=#bar>foo</a>", ContentType.HTML),
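Review bot: testLinkWithEscapedEntities and testLinkWithUnEscapedEntities are identical as they read here. Both feed href=http://example.com/bar?a=1&b=2 and expect the same quoted output, so the entity-escaped case from the description is not exercised by either. The escaped test should carry the entity form of the ampersand in both the input and the golden. Since the report is about a script src, a case for a script node with a query string would pin the actual regression. Both inputs also use an unquoted attribute, so a quoted-attribute variant is worth adding.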
Index: src/com/google/caja/plugin/stages/ResolveUriStage.java
===================================================================
--- src/com/google/caja/plugin/stages/ResolveUriStage.java (revision 4233)
+++ src/com/google/caja/plugin/stages/ResolveUriStage.java (working copy)
@@ -122,7 +122,9 @@
URI baseUri = baseUri(node, job.getBaseUri(), dom.getFilePosition());
if (baseUri != null) {
try {
- baseUri = URI.create(UriUtil.normalizeUri(baseUri.toString()));
+ String raw = Nodes.decode(baseUri.toString());
+ String normalizedUri = UriUtil.normalizeUri(raw);
+ baseUri = URI.create(Nodes.encode(normalizedUri));
} catch (URISyntaxException ex) {
mq.addMessage(
PluginMessageType.MALFORMED_URL, dom.getFilePosition(),
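Review bot: The decode/encode pair is applied to baseUri.toString(), the string form of the URI returned by baseUri(node, job.getBaseUri(), ...), not to HTML attribute text, while the description places the fix in resolveRelativeUrls around UriUtil.resolve. Running Nodes.decode over a URI string would rewrite any literal entity-like sequence in the base URI. If Nodes.encode HTML-escapes as its name suggests, handing its output to URI.create puts an entity, semicolon included, back into the URI used for later resolution. Suggest leaving the baseUri normalization as it was and doing the decode before and the encode after at the point where the attribute value is resolved. If this placement is intentional, add a comment saying why the base URI needs entity handling.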