MXIDs with slashes (`/`) incorrectly rejected

matrix-org / matrix.to

A simple stateless privacy-protecting URL redirecting service for Matrix

http://matrix.to

Apache License 2.0

886 stars 189 forks source link

MXIDs with slashes (`/`) incorrectly rejected #288

Open 0x1a8510f2 opened 1 year ago

0x1a8510f2 commented 1 year ago

Per the spec, MXIDs are allowed to contain forward slashes (/). However, matrix.to rejects such MXIDs:

The localpart of a user ID is an opaque identifier for that user. It MUST NOT be empty, and MUST contain only the characters a-z, 0-9, ., _, =, -, and /.

Zocker1999NET commented 1 year ago

this probably happens because the parser does split the fragment (except the common prefix) by / (for the event id) before checking where the local part ends:

https://github.com/matrix-org/matrix.to/blob/fde53099eb2701bf975128aca64a7cf45cc2ec5a/src/Link.js#L114

ahmedakef commented 1 year ago

this issue made me stop using https://cactus.chat/ in my static website and will instead use https://giscus.app/

AsbjornOlling commented 7 months ago

Maintainer of Cactus Comments here. I was just made aware of this bug in matrix.to because a friend of mine has broken links on their blog because of it as well. It seems to still be an issue.

pombredanne commented 5 months ago

We have likely the same issue:

If I "copy the room link" in Element Desktop (or Web too BTW), https://matrix.to/#/#aboutcode-org/fosdem-2024:gitter.im is the link copied

But this is a dead, invalid link. It should have been https://app.gitter.im/#/room/#aboutcode-org/fosdem-2024:gitter.im

matrix.to does not redirect correctly rooms with a slash.

pombredanne commented 5 months ago

I am experiencing the same issue and I originally thought this was an Element problem. https://github.com/element-hq/element-desktop/issues/1435 ... this makes life really difficult as the generated matrix.to links are useless and error out. So you cannot really share you room at all.

pombredanne commented 5 months ago

as @Zocker1999NET pointed out the split is the issue. Here is a simple excerpt:

function parseFragment(fragment) {
        let [linkStr, queryParamsStr] = fragment.split("?");
        linkStr = linkStr.slice(2);
        const [identifier, eventId] = linkStr.split("/");
        return {"identifier": identifier, "eventId": eventId};
    }
parseFragment("/#aboutcode-org/vulnerablecode:gitter.im")

returns:

Object { identifier: "aboutcode-org", eventId: "vulnerablecode:gitter.im" }

But should have returned:

Object { identifier: "aboutcode-org/vulnerablecode:gitter.im", eventId: "" }

Also I could not find a tests for this function... are they in another repository may be? :innocent:

shadow-identity commented 3 months ago

Neither unescaped (https://matrix.to/#/@it/sme:matrix.org) nor escaped (https://matrix.to/#/@it%2Fsme:matrix.org) links does not work.

shadow-identity commented 3 months ago

Also the error message is misleading because the URL is actually valid

> new URL('https://matrix.to/#/@it/sme:matrix.org')
> URL {
hash: "#/@it/sme:matrix.org"
host: "matrix.to"
hostname: "matrix.to"
href: "https://matrix.to/#/@it/sme:matrix.org"
origin: "https://matrix.to/"
password: ""
pathname: "/"
port: ""
protocol: "https:"
search: ""
searchParams: URLSearchParams(0)
username: ""
}