fix: use urlencode instead of htmlencode to sanitize url #9538

Merged
merged 2 commits into from
Sep 9, 2022

Conversation

tczhao
Member

@tczhao tczhao commented Sep 7, 2022

HtmlEncode replaces special characters with character strings that are recognised by the HTML engine itself to render the content of the page

URLEncode replaces special characters with characters that can be understood by web browsers/web servers for the purpose of addressing

Should use URLEncode instead, since the config links are JS buttons to an external page

Fixes #9435

Signed-off-by: Tianchu Zhao <evantczhao@gmail.com>
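
Added example (not code from this pull request or from the Argo Workflows code base): it compares HTML-encoding and URL-encoding of a link that script hands to the browser, and goes one step further than the comment by also encoding each substituted value. The template, the `${ns}`/`${name}` placeholder syntax and all helper names are assumptions made for the illustration.

```javascript
// Added example. The template, placeholder syntax and helper names are
// constructed for illustration; they are not taken from the project.
const TEMPLATE = 'https://logs.example.com/search?ns=${ns}&name=${name}';

// HTML encoding: correct for text placed in markup, where the HTML parser
// turns the entities back into characters before the URL is used.
function htmlEncode(s) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => entities[c]);
}

// Fill ${key} placeholders, passing each value through encodeValue.
function fill(template, values, encodeValue = (v) => v) {
  return template.replace(/\$\{(\w+)\}/g, (_, key) => encodeValue(String(values[key] ?? '')));
}

// What the receiving server sees: the parsed query parameters of the link.
function queryOf(href) {
  return Object.fromEntries(new URL(href).searchParams);
}

// 1. HTML-encode the finished URL, then use it from script (no HTML parser
//    decodes it): "&amp;" stays literal and the second parameter is renamed.
function htmlEncodedLink(values) {
  return htmlEncode(fill(TEMPLATE, values));
}

// 2. URL-encode the finished URL: delimiters survive, unsafe characters
//    such as spaces are percent-encoded.
function urlEncodedLink(values) {
  return encodeURI(fill(TEMPLATE, values));
}

// 3. URL-encode each value before substitution: a value containing "&" or
//    "=" stays inside its own parameter.
function valueEncodedLink(values) {
  return fill(TEMPLATE, values, encodeURIComponent);
}

const sample = { ns: 'argo', name: 'nightly build' }; // constructed values
console.log(queryOf(htmlEncodedLink(sample)));
console.log(queryOf(urlEncodedLink(sample)));
console.log(queryOf(valueEncodedLink({ ns: 'argo', name: 'a&ns=other' })));
```

Whole-URL `encodeURI` keeps the link working but leaves `&` and `=` inside a value untouched, which is why the third variant encodes values individually.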
@tczhao tczhao changed the title fix: use urlencode instead of html encode to validate url fix: use urlencode instead of htmlencode to validate url Sep 7, 2022
@tczhao tczhao changed the title fix: use urlencode instead of htmlencode to validate url fix: use urlencode instead of htmlencode to sanitize url Sep 7, 2022
@sarabala1979 sarabala1979 enabled auto-merge (squash) September 9, 2022 21:32
@sarabala1979 sarabala1979 merged commit ec7c210 into argoproj:master Sep 9, 2022
juchaosong pushed a commit to juchaosong/argo-workflows that referenced this pull request Nov 3, 2022
fix: use urlencode instead of html encode to validate url

Signed-off-by: Tianchu Zhao <evantczhao@gmail.com>

Signed-off-by: Tianchu Zhao <evantczhao@gmail.com>
Co-authored-by: Saravanan Balasubramanian <33908564+sarabala1979@users.noreply.github.com>
Signed-off-by: juchao <juchao@coscene.io>
Successfully merging this pull request may close these issues.

3.4-rc2 - Links defined in configmaps have changed (so are broken)