Not Escaping New Location causes an event to be fired if unique id has spaces

yhyu1220 / reallysimplehistory

Automatically exported from code.google.com/p/reallysimplehistory

Other

0 stars 0 forks source link

Not Escaping New Location causes an event to be fired if unique id has spaces #28

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

What steps will reproduce the problem?
1. Add a history item whose unique id has spaces (foo bar baz)
2. Note that a history event is fired because checkLocation checks the
unescaped unique id versus the escaped url that gets appended after the #
the in browser URL. ('foo%20bar%20baz' != 'foo bar baz').

What is the expected output? What do you see instead?
A new event should not be fired when the location is not escaped.  Escape
the location before adding to the storage hash to fix this.  I have
attached a patch from the latest version of the code.

What version of the product are you using? On what operating system?
0.6RC1 on Ubuntu 7.04 linux.

Please provide any additional information below.

Original issue reported on code.google.com by nibha...@gmail.com on 12 Nov 2007 at 10:38

Attachments:

rsh0.6RC1Locationpatch.txt

GoogleCodeExporter commented 8 years ago

Good catch, and thanks for the suggested patch. I'm going to play with it in my 
full
range of 15+ test browsers, confirm that it doesn't cause problems anywhere, and
consider this for inclusion in 0.6.

Original comment by bdpathfi...@gmail.com on 13 Nov 2007 at 5:33

Changed state: Accepted
Added labels: Type-Enhancement
Removed labels: Type-Defect

GoogleCodeExporter commented 8 years ago

Original comment by bdpathfi...@gmail.com on 13 Nov 2007 at 5:36

Added labels: Priority-High
Removed labels: Priority-Medium

GoogleCodeExporter commented 8 years ago

So funny that you should report this. The same exact issue bit me with a demo 
app I'm
developing for a tutorial for RSH users. Unfortunately, the fix you suggested 
isn't
completely sufficient. RSH is designed so that user who want to use 
historyStorage as
an Ajax serialization mechanism can do so without using dhtmlHistory at all. 
That
means that all points where dhtmlHistory accepts data or spits out data, it 
needs to
translate to and from a URI-encoded string. And because we don't want to
double-encode anything, we have to be very careful. If you added a URI encoding 
to
both dthmlHistory.add() _and_ one to historyStorage.put(), everything would get
double-encoded. I spent a big chunk of time today getting this working and will
commit those changes to SVN very soon. I'll also add tests to the test suite to
ensure it always works properly.

Original comment by bdpathfi...@gmail.com on 20 Nov 2007 at 10:22

GoogleCodeExporter commented 8 years ago

This is fixed in the 0.8 branch, so marking as fixed

Original comment by bdpathfi...@gmail.com on 19 Dec 2007 at 6:08

Changed state: Fixed