Details
-
Bug
-
Resolution: Unresolved
-
Low
-
None
-
5.5.4, 5.8.14
-
3
-
Severity 3 - Minor
-
0
-
Description
It appears Shortcut URLs are being escaped improperly when certain characters appear either in the Shortcut Link definition or when a user using the shortcut link enters a character that requires encoding.
When you have a Shortcut URL like so:
| Shortcut Link | Definition | Output | Desired Result |
|---|---|---|---|
| [term@foo] |
https://example.com/nav.do?var1=someVal?var2=
(note the two ?s in the URL are intentional) |
https://example.com/nav.do?var1%3DsomeVal%3Fvar2%3Dterm
The entire query string was encoded (wrong). |
https://example.com/nav.do?var1=someVal%3Fvar2%3Dterm
Where only the '?' and '=' after the first '=' are escaped. |
| [my=term@foo] | https://example.com/nav.do?var1=
|
https://example.com/nav.do?var1%3Dmy%3Dterm
Again the entire query string was encoded (wrong). |
https://example.com/nav.do?var1=my%3Dterm
Where only the input is escaped, my var1= should not be escaped. |
It appears that if anywhere in the query string there appears a character that Confluence thinks it needs to encode, its encoding the entire query string, which is encoding other perfectly valid characters.
I'd like to see this get cleaned up so that it properly encodes the right parts, or better yet, have Confluence not attempt to URL Encode anything in my Shortcut URL definition and trust the author (admin) knows what they're doing. Obviously parameters/term passed into the shortcut link should be encoded for security purposes but what I define in the Shortcut Link URL should remain intact and not encoded.
Attachments
Issue Links
- relates to
-
-
- Closed
-