Urls should be safe by default
Following https://github.com/algolia/instantsearch.js/issues/848#issuecomment-191795411 and a support request we had also recently, I believe we should fix our urls.
We will get more and more issues about unsafe urls in the future.
Problem :trollface:
We implemented urls so that they do not look too bad:
?query=&hits=24&idx=instant_search&p=0&nR[price][<=][0]=320&is_v=1
But this is not really standard because most parameters should be encoded so that our urls are compatible with every use case (copy pasting from/to email/app/slack, server side parsing, library parsing…)
Thus it would mean having urls like:
?query=&hits=24&idx=instant_search&p=0&nR%5Bprice%5D%5B%3C%3D%5D%5B0%5D=380&is_v=1
Not so clean and readable but would work everywhere.
Possible solutions 🐴
- allow the helper to always encode. It’s currently disabled and we specifically asked for this feature in the qs project (lol)
This even seems to be backward compatible. It would be a WTF moment for developers but safety first!
- create a brand new stringifier for complex objects => url which would not be based on unsafe characters like [ ] > =
Here we should be careful about URL versions if we want to stay backward compatible (is_v= will help)
Help and feedback appreciated.
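Added example (not part of the original issue, and not instantsearch.js or qs code): it rebuilds the two URL forms shown above from a constructed state object and shows what a standards-based parser, the WHATWG `URLSearchParams`, makes of each. The names `sampleState`, `flatten`, `stringify` and `parsePairs` are hypothetical.

```javascript
// Added example; sampleState is constructed to mirror the URL in the issue.
const sampleState = {
  query: '', hits: 24, idx: 'instant_search', p: 0,
  nR: { price: { '<=': [320] } },
  is_v: 1,
};

// Flatten nested objects/arrays into [bracketKey, value] pairs,
// e.g. { nR: { price: { '<=': [320] } } } -> ['nR[price][<=][0]', '320'].
function flatten(value, prefix = '', out = []) {
  if (value !== null && typeof value === 'object') {
    for (const [k, v] of Object.entries(value)) {
      flatten(v, prefix ? `${prefix}[${k}]` : k, out);
    }
  } else {
    out.push([prefix, String(value)]);
  }
  return out;
}

// encode=false gives the readable form; encode=true percent-encodes
// every key and value with encodeURIComponent.
function stringify(state, { encode = true } = {}) {
  const enc = encode ? encodeURIComponent : (s) => s;
  return flatten(state).map(([k, v]) => `${enc(k)}=${enc(v)}`).join('&');
}

// What a generic parser sees: each pair is split on its first '='.
function parsePairs(query) {
  return [...new URLSearchParams(query)];
}

const raw = stringify(sampleState, { encode: false });
const safe = stringify(sampleState, { encode: true });

console.log(raw);
console.log(parsePairs(raw)[4]);   // key is cut at the '=' inside [<=]
console.log(safe);
console.log(parsePairs(safe)[4]);  // key and value survive intact
```

In the readable form the `=` inside `[<=]` is taken as the key/value separator, so the refinement is misread by any parser that does not know the bracket convention; the encoded form round-trips unchanged.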
Issue Analytics
- Created 7 years ago
- Comments: 11 (9 by maintainers)
Top GitHub Comments
We had to encode [] also because when copy pasting links those need to be encoded.
You can check which ones need to be encoded in a URL by doing:
For example copy pasting those links in slack or in emails resulted in failures given the email client or the slack client.
Happy to revisit/rediscuss this if some testing proves this is not necessary. (maybe open another issue if so)
Let me explain further. Right now, we have a generic solution that completely maps whatever could be in the SearchParameters. Our problem comes from the fact we serialize deep structures automatically. This leads to:
fR[format][0]=Wild
in which we have [ and ]. What about we let the user make its own mapping, format=Wild,Standard for the list of selected facets for the attribute format? I don’t have an idea for an API. 😃
In the meantime, the PR looks nice 😃