Encoded link - query parameter(s) not cleaned

Cimbali / CleanLinks

Converts obfuscated/nested links to genuine clean links.

https://addons.mozilla.org/en-GB/firefox/addon/clean-links-webext/

Mozilla Public License 2.0

76 stars 2 forks source link

Encoded link - query parameter(s) not cleaned #137

Closed ghost closed 3 years ago

ghost commented 3 years ago

Hey, It seems like when URL of a link is encoded, query parameter(s) are not cleaned.

Example URLs: https://example.com/one/two/three?shared%3D480874-7c5805ff-1 https://example.com/foo/bar/?shared%3D1956400-c5eb05fe-1

Cimbali commented 3 years ago

Sorry I’m not sure what you expect here? Percent-encoded characters are protected, so your URLs don’t contain a shared parameter with value 1956400-c5eb05fe-1 but a shared=1956400-c5eb05fe-1 parameter which could have a value (but doesn’t). We can’t circumvent this without breaking all percent-encoding basically.

However if shared is cleaned, you can also add rules to remove shared.* or shared%3D.*

ghost commented 3 years ago

There is a link (example.com is just an example domain):

<a href="https://example.com/one/two/three/?shared%3D1959190-ae17dc8b-1" target="_blank" class="my-class" rel="noopener">Foobar</a>

There is a rule:

{
  ...
  ".com": {
    ".example": {
      "actions": {
        "remove": [
          "shared"
        ]
      }
    }
  }
  ...
}

The "shared" parameter is not cleaned - it is included in the URL if I click "Copy clean link" context menu or click the link.

Cimbali commented 3 years ago

As I said, you don’t have a shared parameter. You have a shared=1956400-c5eb05fe-1 with no value (so no =value part). The full %3D... is part of the parameter name: that’s the purpose of percent-encoding, to include symbols like = so they don’t have their value of token separation.

ghost commented 3 years ago

Ok, now I get it. Kinda clever in a negative way... Thanks for your time.