AK: Iterate the bytes of a URL query with an unsigned type

Otherwise, we percent-encode negative signed chars incorrectly. For example, https://www.strava.com/login contains the following hidden <input> field: <input name="utf8" type="hidden" value="✓" /> On submitting the form, we would percent-encode that field as: utf8=%-1E%-64%-6D Which would cause us to receive an HTTP 500 response. We now properly percent-encode that field as: utf8=%E2%9C%93 And can login to Strava :^)
Author: https://github.com/trflynn89 Commit: https://github.com/SerenityOS/serenity/commit/e3b5e24ce0 Pull-request: https://github.com/SerenityOS/serenity/pull/23539
2025-04-20 19:45:12 +00:00 · 2024-03-10 09:42:48 -04:00 · 2024-03-10 09:42:48 -04:00 · e3b5e24ce0 · 2024-07-16 23:54:15 +09:00
commit e3b5e24ce0
parent dc47210360
2 changed files with 10 additions and 1 deletions
--- a/AK/URLParser.cpp
+++ b/AK/URLParser.cpp
@ -714,7 +714,7 @@ ErrorOr<String> URLParser::percent_encode_after_encoding(StringView input, URL::
    StringBuilder output;

    // 3. For each byte of encodeOutput converted to a byte sequence:
-    for (auto byte : input) {
+    for (u8 byte : input) {
        // 1. If spaceAsPlus is true and byte is 0x20 (SP), then append U+002B (+) to output and continue.
        if (space_as_plus && byte == ' ') {
            output.append('+');
--- a/Tests/AK/TestURL.cpp
+++ b/Tests/AK/TestURL.cpp
@ -438,6 +438,15 @@ TEST_CASE(unicode)
    EXPECT(!url.fragment().has_value());
 }

+TEST_CASE(query_with_non_ascii)
+{
+    URL url { "http://example.com/?utf8=✓"sv };
+    EXPECT(url.is_valid());
+    EXPECT_EQ(url.serialize_path(), "/"sv);
+    EXPECT_EQ(url.query(), "utf8=%E2%9C%93");
+    EXPECT(!url.fragment().has_value());
+}
+
 TEST_CASE(complete_file_url_with_base)
 {
    URL url { "file:///home/index.html" };