Handle partially encoded url query strings in request node

2025-03-01 10:36:34 +00:00 · 2021-07-26 14:21:52 +01:00
parent a9bc111c4f
commit f1775d4fd1
2 changed files with 25 additions and 3 deletions
--- a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
+++ b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
@@ -134,7 +134,29 @@ in your Node-RED user directory (${RED.settings.userDir}).
                    url = "http://"+url;
                }
            }
-            url = encodeURI(url);
+
+            // The Request module used in Node-RED 1.x was tolerant of query strings that
+            // were partially encoded. For example - "?a=hello%20there&b=20%"
+            // The GOT module doesn't like that.
+            // The following is an attempt to normalise the url to ensure it is properly
+            // encoded. We cannot just encode it directly as we don't want any valid
+            // encoded entity to end up doubly encoded.
+            if (url.indexOf("?") > -1) {
+                // Only do this if there is a query string to deal with
+                const [hostPath, ...queryString] = url.split("?")
+                const query = queryString.join("?");
+                if (query) {
+                    // Look for any instance of % not followed by two hex chars.
+                    // Replace any we find with %25.
+                    const escapedQueryString = query.replace(/(%.?.?)/g, function(v) {
+                        if (/^%[a-f0-9]{2}/i.test(v)) {
+                            return v;
+                        }
+                        return v.replace(/%/,"%25")
+                    })
+                    url = hostPath+"?"+escapedQueryString;
+                }
+            }

            var method = nodeMethod.toUpperCase() || "GET";
            if (msg.method && n.method && (n.method !== "use")) {     // warn if override option not set
--- a/test/nodes/core/network/21-httprequest_spec.js
+++ b/test/nodes/core/network/21-httprequest_spec.js
@@ -1145,7 +1145,7 @@ describe('HTTP Request Node', function() {
                    try {
                        msg.should.have.property('payload',{
                            query:{ a: 'b', c:[ 'T24,0°|H80%|W S8,3m/s' ] },
-                            url: '/getQueryParams?a=b&c%5B0%5D.Text=T24,0%C2%B0%7CH80%25%7CW%20S8,3m/s'
+                            url: '/getQueryParams?a=b&c[0].Text=T24,0%C2%B0|H80%25|W%20S8,3m/s'
                        });
                        msg.should.have.property('statusCode',200);
                        msg.should.have.property('headers');
@@ -1154,7 +1154,7 @@ describe('HTTP Request Node', function() {
                        done(err);
                    }
                });
-                n1.receive({url: getTestURL('/getQueryParams')+"?a=b&c[0].Text=T24,0°|H80%|W S8,3m/s"});
+                n1.receive({url: getTestURL('/getQueryParams')+"?a=b&c[0].Text=T24,0°|H80%|W%20S8,3m/s"});
            });
        })
    });