Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix URL sanitizer for long URLs #16026

Merged
merged 1 commit into from
Sep 28, 2023
Merged

Fix URL sanitizer for long URLs #16026

merged 1 commit into from
Sep 28, 2023

Conversation

lhecker
Copy link
Member

@lhecker lhecker commented Sep 24, 2023

f1aa699 was fundamentally incorrect as it used IdnToAscii and
IdnToUnicode on the entire URL, even though these functions only work
on domain names. This commit fixes the issue by using the WinRT Url
class and its AbsoluteUri and AbsoluteCanonicalUri getters.
The algorithm still works the same way though.

Closes #16017

Validation Steps Performed

  • "`e]8;;https://www.xn--fcbook-3nf5b.com/`e\test`e]8;;`e\"
    still shows as two URLs in the popup ✅
  • Shows the given URI if it's canonical and not an IDN ✅
  • Works with >100 char long file:// URIs ✅

@microsoft-github-policy-service microsoft-github-policy-service bot added the Issue-Bug It either shouldn't be doing this or needs an investigation. label Sep 24, 2023
lhecker
lhecker commented Sep 24, 2023
View reviewed changes
src/cascadia/inc/cppwinrt_utils.h
Comment on lines +20 to +27
template<>
struct fmt::formatter<winrt::hstring, wchar_t> : fmt::formatter<fmt::wstring_view, wchar_t>
{
auto format(const winrt::hstring& str, auto& ctx)
{
return fmt::formatter<fmt::wstring_view, wchar_t>::format({ str.data(), str.size() }, ctx);
}
};
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems like we don't have any fmt::format call that uses FMT_COMPILE on hstring arguments, or any fmt::format that uses >1 hstring argument. The above one seems to be a first.

...because it appears as if right now we implicitly cast all hstring arguments to C-strings during formatting. This new custom formatter ensures they're treated like string-views (and it allows the above code to compile).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i love this. does it make the transition to 10.1.1 any easier?

@lhecker lhecker added the AutoMerge Marked for automatic merge by the bot when requirements are met label Sep 28, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot merged commit 198c11f into main Sep 28, 2023
17 checks passed
@microsoft-github-policy-service microsoft-github-policy-service bot deleted the dev/lhecker/16017-fix-url-sanitizer branch September 28, 2023 15:46
@microsoft-github-policy-service microsoft-github-policy-service bot added Area-TerminalControl Issues pertaining to the terminal control (input, selection, keybindings, mouse interaction, etc.) Product-Terminal The new Windows Terminal. labels Sep 28, 2023
DHowett pushed a commit that referenced this pull request Sep 29, 2023
@lhecker @DHowett
Fix URL sanitizer for long URLs (#16026)
b807bb0 
f1aa699 was fundamentally incorrect as it used `IdnToAscii` and
`IdnToUnicode` on the entire URL, even though these functions only work
on domain names. This commit fixes the issue by using the WinRT `Url`
class and its `AbsoluteUri` and `AbsoluteCanonicalUri` getters.
The algorithm still works the same way though.

Closes #16017

* ``"`e]8;;https://www.xn--fcbook-3nf5b.com/`e\test`e]8;;`e\"``
  still shows as two URLs in the popup ✅
* Shows the given URI if it's canonical and not an IDN ✅
* Works with >100 char long file:// URIs ✅

(cherry picked from commit 198c11f)
Service-Card-Id: 90642843
Service-Version: 1.18
DHowett pushed a commit that referenced this pull request Sep 29, 2023
@lhecker @DHowett
Fix URL sanitizer for long URLs (#16026)
057d133 
f1aa699 was fundamentally incorrect as it used `IdnToAscii` and
`IdnToUnicode` on the entire URL, even though these functions only work
on domain names. This commit fixes the issue by using the WinRT `Url`
class and its `AbsoluteUri` and `AbsoluteCanonicalUri` getters.
The algorithm still works the same way though.

Closes #16017

## Validation Steps Performed
* ``"`e]8;;https://www.xn--fcbook-3nf5b.com/`e\test`e]8;;`e\"``
  still shows as two URLs in the popup ✅
* Shows the given URI if it's canonical and not an IDN ✅
* Works with >100 char long file:// URIs ✅

(cherry picked from commit 198c11f)
Service-Card-Id: 90642844
Service-Version: 1.19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DHowett DHowett DHowett approved these changes

@zadjii-msft zadjii-msft zadjii-msft approved these changes

Assignees
No one assigned
Labels
Area-TerminalControl Issues pertaining to the terminal control (input, selection, keybindings, mouse interaction, etc.) AutoMerge Marked for automatic merge by the bot when requirements are met Issue-Bug It either shouldn't be doing this or needs an investigation. Product-Terminal The new Windows Terminal.
Projects
1.18 Servicing Pipeline
Status: Shipped
1.19 Servicing Pipeline
Status: Shipped
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Some file: OSC 8 URLs show up as "Invalid URI" because punycode/idn conversion blows up (?)
3 participants
@lhecker @DHowett @zadjii-msft