Application developers that make authenticated requests via
gadgets.io.makeRequest are bound to run into odd encoding issues if
their parameter keys and values are not escaped using RFC3986 [1].

For example:
1) Developer makes a call
gadgets.io.makeRequest("http://example.com/?query='select * from
something'")
2) The server will receive this request and transform the url to
http://example.com/?query=%27select * from something%27
3) During XHR callback processing (see the method processResponse in
features/core.io/io.js) we will try to get the data.

data = data["http://example.com/?query='select * from something'"];

This is undefined because the url it really should be looking for is
http://example.com/?query=%27select * from something%27

One way to solve this is to make sure a method that abides by RFC3986 is
included in gadgets.util. A developer would then call this method to
properly encode their URL before calling makeRequest. Another way is
to use a method that abides by RFC3986 inside makeRequest.

The method we need is already in the Javascript OAuth library
http://oauth.googlecode.com/svn/code/javascript/oauth.js (look for the
method percentEncode).


[1] The OAuth spec says
(http://oauth.net/core/1.0/#encoding_parameters): All parameter
names and values are escaped using the [RFC3986] (Berners-Lee, T.,
"Uniform Resource Identifiers (URI): Generic Syntax," .)
percent-encoding (%xx) mechanism. Characters not in the unreserved
character set ([RFC3986] (Berners-Lee, T., "Uniform Resource
Identifiers (URI): Generic Syntax," .) section 2.3) MUST be encoded.
Characters in the unreserved character set MUST NOT be encoded.
Hexadecimal characters in encodings MUST be upper case. Text names and
values MUST be encoded as UTF-8 octets before percent-encoding them
per [RFC3629] (Yergeau, F., "UTF-8, a transformation format of Unicode
and ISO 10646," .).

Thanks,
Chirag Shah
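
Added example, not part of the original message and not Shindig or OAuth library code: a percent-encoder that follows the rules quoted in [1], and a reproduction of the key mismatch from steps 1 to 3. The names percentEncode (written here from scratch), buildUrl, serverRewrite and lookupResponse are assumptions for illustration; serverRewrite only imitates the quote rewriting described in step 2.

```javascript
// RFC 3986 section 2.3 unreserved set: ALPHA / DIGIT / "-" / "." / "_" / "~".
// encodeURIComponent already emits UTF-8 octets with upper-case hex, but it
// leaves ! * ' ( ) untouched, so those five are encoded in a second pass.
function percentEncode(value) {
  return encodeURIComponent(String(value)).replace(/[!*'()]/g, function (c) {
    return '%' + c.charCodeAt(0).toString(16).toUpperCase();
  });
}

// Build a URL whose parameter names and values are both percent-encoded.
function buildUrl(base, params) {
  var pairs = [];
  for (var key in params) {
    if (Object.prototype.hasOwnProperty.call(params, key)) {
      pairs.push(percentEncode(key) + '=' + percentEncode(params[key]));
    }
  }
  return pairs.length ? base + '?' + pairs.join('&') : base;
}

// Constructed stand-in for step 2: the server returns the URL with ' as %27.
function serverRewrite(url) {
  return url.replace(/'/g, '%27');
}

// Constructed stand-in for step 3: the response map is keyed by the server's
// form of the URL, while the callback looks it up by the caller's form.
function lookupResponse(requestedUrl) {
  var data = {};
  data[serverRewrite(requestedUrl)] = { body: 'ok' };
  return data[requestedUrl];
}

// URL from step 1, unencoded: the lookup key no longer matches.
var rawUrl = "http://example.com/?query='select * from something'";
// Same request with the parameter encoded first: nothing is left to rewrite.
var safeUrl = buildUrl('http://example.com/', {
  query: "'select * from something'"
});

console.log(lookupResponse(rawUrl));   // no entry under the caller's key
console.log(lookupResponse(safeUrl));  // entry found
```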
