escape regex special characters in location prefix stripping#21436
Closed
rootvector2 wants to merge 1 commit into
Closed
escape regex special characters in location prefix stripping#21436rootvector2 wants to merge 1 commit into
rootvector2 wants to merge 1 commit into
Conversation
Contributor
Author
|
any update? |
Contributor
There was a problem hiding this comment.
can you add a test for when the rootURL contains a slash in the middle?
There was a problem hiding this comment.
Pull request overview
This PR prevents HistoryLocation.getURL() and NoneLocation.getURL() from treating rootURL / baseURL as regular-expression patterns when stripping URL prefixes, avoiding both incorrect over-stripping and RegExp construction errors when those values contain regex-special characters.
Changes:
- Add a shared
escapeRegExp()helper inpackages/@ember/routing/lib/location-utils.ts. - Escape
baseURLandrootURLbefore building prefix-strippingRegExps inHistoryLocation.getURL(). - Escape
rootURLbefore building the prefix-strippingRegExpinNoneLocation.getURL(), and add a regression test forHistoryLocationrootURL special characters.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| packages/@ember/routing/history-location.ts | Escapes baseURL/rootURL prior to RegExp construction during prefix stripping. |
| packages/@ember/routing/none-location.ts | Escapes rootURL prior to RegExp construction during prefix stripping. |
| packages/@ember/routing/lib/location-utils.ts | Introduces escapeRegExp() utility for literal prefix matching. |
| packages/@ember/routing/tests/location/history_location_test.js | Adds regression coverage for HistoryLocation.getURL() with regex-special chars in rootURL (and should be extended to cover baseURL). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+235
to
253
| ['@test HistoryLocation.getURL() treats regex special characters in rootURL literally']( | ||
| assert | ||
| ) { | ||
| HistoryTestLocation.reopen({ | ||
| init() { | ||
| this._super(...arguments); | ||
| set(this, 'location', mockBrowserLocation('/appXv2/posts')); | ||
| set(this, 'rootURL', '/app.v2/'); | ||
| }, | ||
| }); | ||
|
|
||
| createLocation(); | ||
|
|
||
| assert.equal(location.getURL(), '/appXv2/posts'); | ||
| } | ||
|
|
||
| ['@test HistoryLocation.getURL() returns the current url, does not remove baseURL if its not at start of url']( | ||
| assert | ||
| ) { |
|
|
||
| // remove rootURL from url | ||
| return path.replace(new RegExp(`^${rootURL}(?=/|$)`), ''); | ||
| return path.replace(new RegExp(`^${escapeRegExp(rootURL)}(?=/|$)`), ''); |
Contributor
|
same change as #21492 (and merging this one, because it has one extra test) thank you! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
HistoryLocation.getURL builds its prefix-stripping RegExp by interpolating rootURL and the baseURL read from the page's directly, so a rootURL like /app.v2/ over-strips /appXv2/posts and a base href containing [ makes getURL throw. Run both through escapeRegExp so the prefix matches literally; NoneLocation.getURL had the same unescaped rootURL.