percent-encode clipboard selection in biblemap URL#1346
Open
acts-1631 wants to merge 1 commit into
Open
Conversation
The "Open in Bible Map" context menu action builds a URL by
concatenating the clipboard selection directly into a URL fragment:
g_strconcat("http://www.biblemap.org/#", dict_key, NULL)
without any percent-encoding. Characters like spaces, #, &, ?, or
newlines in the selection alter the resulting URL structure passed to
the system browser via xiphos_open_default() (gtk_show_uri_on_window on
Linux, ShellExecuteW on Windows). A selection containing a second #
hijacks the fragment; spaces can break the URL; crafted content can
confuse naive URL parsers.
Percent-encode the selection with g_uri_escape_string() before
inserting it into the URL so that URL-significant characters are
escaped and the browser receives the intended fragment.
872e1ca to
095535b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The "Open in Bible Map" action in the context menu builds a URL by
concatenating the clipboard selection into a fragment:
http://www.biblemap.org/#
The selection is not percent-encoded, so characters like spaces, #, &,
or newlines alter the URL structure passed to the system browser. A
second # in the selection hijacks the fragment portion.
The selection is now escaped with g_uri_escape_string() before being
inserted into the URL.