Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

% cannot be escaped in url params

See original GitHub issue

Describe the bug parameterized routes do not properly parse the % sign in a url.

If I have a url that contains a percent that needs to be escaped, I would use the function encodeUri. For example:

encodeURI('/sample/test%20me') // returns "/sample/test%2520me"

What actually happens, is svelte kit reads this url as test me

Logs

To Reproduce

npm init svelte@next
npm install

create the file src/routes/sample/[param].svelte with the following contents:

<script context="module">
  export function load({ page }) {
    const { param } = page.params
    return {
      props: { param }
    }
  }
</script>

<script>
  export let param
</script>
param is: "{param}"

opening this url: http://localhost:3000/sample/test%2520me displays param is "test me"

Expected behavior the page should display param is test%20me.

Stacktraces

Information about your SvelteKit Installation:

Diagnostics

System: OS: Linux 5.12 Arch Linux CPU: (4) x64 Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz Memory: 5.48 GB / 18.96 GB Container: Yes Shell: 5.8 - /usr/bin/zsh Binaries: Node: 16.3.0 - /usr/local/bin/node Yarn: 1.22.4 - ~/.npm-packages/bin/yarn npm: 7.11.2 - ~/.npm-packages/bin/npm Browsers: Firefox: 89.0.1 npmPackages: @sveltejs/kit: next => 1.0.0-next.116 svelte: ^3.34.0 => 3.38.3

Your browser: Google Chrome 91.0.4472.114

Severity I have a local web app that displays system files using a route like src/routes/file/[...filepath].svelte. For whatever reason, some files happen to contain %20 inside them (likely because they were encoded weirdly once upon a time. With this bug as it stands, I cannot display any files that contain percents inside them, because I have no way of telling the server that a percent is part of the filepath.

Additional context I found a possibly related issue in the polka server repo: https://github.com/lukeed/polka/issues/119 (I assume polka is still the internal server)

Issue Analytics

State:
Created 2 years ago
Comments:13 (7 by maintainers)

Top GitHub Comments

3reactions

benmccanncommented, Aug 31, 2021

well I guess we went from triple decoding to just double decoding 😕

1reaction

benmccanncommented, Sep 7, 2021

You could file an issue with Vite. It looks like that’s where it’s coming from

Top Results From Across the Web

javascript - Get escaped URL parameter - Stack Overflow

I'm looking for a jQuery plugin that can get URL parameters, and support this search string without outputting the JavaScript error: "malformed URI ......

URL escape before inserting user data into HTML URL ...

Rule #5 is for when you want to put untrusted data into HTTP GET parameter value. <a href="http://www.somesite.com?test=...ESCAPE UNTRUSTED DATA ...

Unable to Use Special Characters in URL Parameters

The backslash is needed to escape the special character. For example, the URL encoding sequence for backslash and comma (\,) is %5c%2c.

URL escape codes

Character URL Escape Codes String Literal Escape Code SPACE %20 $20 < %3C $3C > %3E $3E

HTML URL Encoding Reference - W3Schools

Character From Windows‑1252 From UTF‑8 space %20 %20 ! %21 %21 " %22 %22