#24311: Incorrect encoding frontent input -> backend request ---------------------------+------------------------------ Reporter: cypherpunks | Owner: metrics-team Type: defect | Status: new Priority: Medium | Milestone: Component: Metrics/Atlas | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ---------------------------+------------------------------
Comment (by karsten): Wow, good catch! I think we're doing things wrong in at least two places: First, Atlas encodes characters using HTML names, for example, `<` as `<`. But Onionoo does not decode that, and without decoding this is not a valid search parameter value. Hence the 400 status code. Is there a way for Atlas to encode characters differently or avoid encoding and just include characters like `<` in the request to Onionoo? Otherwise we'd have to teach Onionoo how to decode HTML names, and I'm not sure whether that's even a good idea. Second, Oniono does not decode percent-encoded characters in qualified search terms, even though it probably should do that. That means that even if Atlas sent over a query like `https://onionoo.torproject.org/summary?search=contact:%3Cnone%3E`, Onionoo wouldn't decode it. It would just return an empty result set, because there are no contact lines with `%3Cnone%3E`. That's different from the `contact` parameter which is decoded correctly. (It might be that we just ran into this issue in #21366, but it seems related here, too. So, even if Atlas switches from HTML encoding to percent encoding, we'd still have to fix this part in Onionoo.) Oh well. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24311#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs