api-platform / core

The server component of API Platform: hypermedia and GraphQL APIs in minutes
https://api-platform.com
MIT License

GraphQL: names can contain invalid characters, and crashes GraphiQL #4622

Open dunglas opened 2 years ago

dunglas commented 2 years ago

API Platform version(s) affected: 2.6

Description

image

How to reproduce

git clone https://github.com/api-platform/core
cd core/tests/Fixtures/app
php -S localhost:8000 -t public/
open http://localhost:8000/graphql/graphiql

Possible Solution
Encode or replace invalid chars.

soyuka commented 1 year ago

Note that this is way harder than it looks as there's no way to "validate" the schema according to GraphQL validation rules, which are hard coded at https://github.com/graphql/graphiql/blob/6d364126aeff761d2bff6db53b6431a181269029/packages/graphiql-react/src/schema.tsx#L337.

My idea would be to create a graphiql validator for our graphql introspection schema.
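
One way the validator idea in the last comment could look, as an added example that is not code from API Platform or GraphiQL: it walks an introspection result and reports every name that does not match the GraphQL specification's Name grammar or that uses the reserved `__` prefix. The function names and the sample schema are constructed for illustration.

```javascript
// Name grammar from the GraphQL specification: a letter or "_" first,
// then letters, digits or "_".
const NAME_RE = /^[_A-Za-z][_0-9A-Za-z]*$/;
// Built-in introspection types are the only names allowed to start with "__".
const INTROSPECTION_TYPES = new Set(['__Schema', '__Type', '__Field', '__InputValue',
  '__EnumValue', '__Directive', '__TypeKind', '__DirectiveLocation']);

function checkName(name, path, errors) {
  if (typeof name !== 'string' || !NAME_RE.test(name)) {
    errors.push({ path, name, reason: 'invalid characters' });
  } else if (name.startsWith('__') && !INTROSPECTION_TYPES.has(name)) {
    errors.push({ path, name, reason: 'reserved "__" prefix' });
  }
}

// Expects the "data" object of a standard introspection query response.
function findInvalidNames(introspection) {
  const errors = [];
  for (const type of introspection.__schema.types || []) {
    const tPath = `type ${JSON.stringify(type.name)}`;
    checkName(type.name, tPath, errors);
    // fields, inputFields and enumValues are null for kinds that lack them.
    for (const field of type.fields || []) {
      const fPath = `${tPath} > field ${JSON.stringify(field.name)}`;
      checkName(field.name, fPath, errors);
      for (const arg of field.args || []) {
        checkName(arg.name, `${fPath} > arg ${JSON.stringify(arg.name)}`, errors);
      }
    }
    for (const input of type.inputFields || []) {
      checkName(input.name, `${tPath} > input field ${JSON.stringify(input.name)}`, errors);
    }
    for (const value of type.enumValues || []) {
      checkName(value.name, `${tPath} > enum value ${JSON.stringify(value.name)}`, errors);
    }
  }
  return errors;
}

// Constructed sample, not taken from the API Platform fixtures.
const SAMPLE = { __schema: { types: [
  { name: 'Query', fields: [{ name: 'dummy', args: [{ name: 'id' }] }] },
  { name: 'Dummy', fields: [{ name: 'name.converted', args: [] },
                            { name: '__internal', args: [] }] },
  { name: 'Dummy-Filter', fields: null, inputFields: [{ name: 'order[by]' }] },
  { name: '__Type', fields: [{ name: 'kind', args: [] }] },
  { name: 'Status', fields: null, enumValues: [{ name: 'ACTIVE' }, { name: '2FA' }] },
] } };

for (const e of findInvalidNames(SAMPLE)) console.log(`${e.path}: ${e.reason}`);
```

Run against the schema before it is served, a check like this points at the offending type or field instead of leaving the failure to surface in the client.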