MXIDs with slashes (`/`) incorrectly rejected

matrix-org / matrix.to

A simple stateless privacy-protecting URL redirecting service for Matrix

http://matrix.to

Apache License 2.0

962 stars 207 forks source link

MXIDs with slashes (`/`) incorrectly rejected #288

Open 0x1a8510f2 opened 2 years ago

0x1a8510f2 commented 2 years ago

Per the spec, MXIDs are allowed to contain forward slashes (/). However, matrix.to rejects such MXIDs:

The localpart of a user ID is an opaque identifier for that user. It MUST NOT be empty, and MUST contain only the characters a-z, 0-9, ., _, =, -, and /.

Zocker1999NET commented 1 year ago

this probably happens because the parser does split the fragment (except the common prefix) by / (for the event id) before checking where the local part ends:

https://github.com/matrix-org/matrix.to/blob/fde53099eb2701bf975128aca64a7cf45cc2ec5a/src/Link.js#L114

ahmedakef commented 1 year ago

this issue made me stop using https://cactus.chat/ in my static website and will instead use https://giscus.app/

AsbjornOlling commented 11 months ago

Maintainer of Cactus Comments here. I was just made aware of this bug in matrix.to because a friend of mine has broken links on their blog because of it as well. It seems to still be an issue.

pombredanne commented 10 months ago

We have likely the same issue:

If I "copy the room link" in Element Desktop (or Web too BTW), https://matrix.to/#/#aboutcode-org/fosdem-2024:gitter.im is the link copied

But this is a dead, invalid link. It should have been https://app.gitter.im/#/room/#aboutcode-org/fosdem-2024:gitter.im

matrix.to does not redirect correctly rooms with a slash.

pombredanne commented 10 months ago

I am experiencing the same issue and I originally thought this was an Element problem. https://github.com/element-hq/element-desktop/issues/1435 ... this makes life really difficult as the generated matrix.to links are useless and error out. So you cannot really share you room at all.

pombredanne commented 10 months ago

as @Zocker1999NET pointed out the split is the issue. Here is a simple excerpt:

function parseFragment(fragment) {
        let [linkStr, queryParamsStr] = fragment.split("?");
        linkStr = linkStr.slice(2);
        const [identifier, eventId] = linkStr.split("/");
        return {"identifier": identifier, "eventId": eventId};
    }
parseFragment("/#aboutcode-org/vulnerablecode:gitter.im")

returns:

Object { identifier: "aboutcode-org", eventId: "vulnerablecode:gitter.im" }

But should have returned:

Object { identifier: "aboutcode-org/vulnerablecode:gitter.im", eventId: "" }

Also I could not find a tests for this function... are they in another repository may be? :innocent:

shadow-identity commented 7 months ago

Neither unescaped (https://matrix.to/#/@it/sme:matrix.org) nor escaped (https://matrix.to/#/@it%2Fsme:matrix.org) links does not work.

shadow-identity commented 7 months ago

Also the error message is misleading because the URL is actually valid

> new URL('https://matrix.to/#/@it/sme:matrix.org')
> URL {
hash: "#/@it/sme:matrix.org"
host: "matrix.to"
hostname: "matrix.to"
href: "https://matrix.to/#/@it/sme:matrix.org"
origin: "https://matrix.to/"
password: ""
pathname: "/"
port: ""
protocol: "https:"
search: ""
searchParams: URLSearchParams(0)
username: ""
}