Browse Source

Catch exception in link normalizer on broken unicode sequence

pull/30/head
Vitaly Puzrin 10 years ago
parent
commit
cef03effe3
  1. 16
      lib/common/utils.js

16
lib/common/utils.js

@ -132,6 +132,13 @@ function escapeHtml(str) {
// Incoming link can be partially encoded. Convert possible combinations to // Incoming link can be partially encoded. Convert possible combinations to
// unified form. // unified form.
//
// TODO: Rewrite it. Should use:
//
// - encodeURIComponent for query
// - encodeURI for path
// - (?) punicode for domain mame (but encodeURI seems to work in real world)
//
function normalizeLink(url) { function normalizeLink(url) {
var normalized = replaceEntities(url); var normalized = replaceEntities(url);
@ -141,7 +148,14 @@ function normalizeLink(url) {
normalized = decodeURI(normalized); normalized = decodeURI(normalized);
} catch (__) {} } catch (__) {}
return encodeURI(normalized); // Encoder throws exception on broken unicode sequence.
// Kill suspicious data for the safety.
//
try {
return encodeURI(normalized);
} catch (__) {
return '';
}
} }
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////

Loading…
Cancel
Save