Closed mgiuca closed 6 years ago
@marcoscaceres and @ericwilligers PTAL.
There's a follow-up to this in mgiuca/web-share-target/parse-at-parse-time, which changes the processing and validation to take place at manifest load time. But I separated this change out.
I guess the only thing would be to allow "replace placeholders" to do the null check, and just return an empty string. That would remove a few ifs, but no big deal.
I thought about this a bit, and decided not to. Rationale: This would make the "replace placeholders" algorithm take a maybe-null value and return a maybe-null value. It would return null if-and-only-if the input is null. I generally prefer that functions do not take and return null values, and if the only reason to return null is in case the input is null, I prefer that the caller simply check beforehand. (As a general programming principle.)
This prevents a path escape if the share data includes
".."
. While it is a bit restrictive, we expect templates to mostly be in the query or fragment part of a URL.Closes #30.
Preview | Diff