Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-35200

Shortcut Links URLs are escaped improperly

XMLWordPrintable

      It appears Shortcut URLs are being escaped improperly when certain characters appear either in the Shortcut Link definition or when a user using the shortcut link enters a character that requires encoding.

      When you have a Shortcut URL like so:

      Shortcut Link Definition Output Desired Result
      [term@foo]
      https://example.com/nav.do?var1=someVal?var2=

      (note the two ?s in the URL are intentional)

      https://example.com/nav.do?var1%3DsomeVal%3Fvar2%3Dterm

      The entire query string was encoded (wrong).

      https://example.com/nav.do?var1=someVal%3Fvar2%3Dterm

      Where only the '?' and '=' after the first '=' are escaped.

      [my=term@foo]
      https://example.com/nav.do?var1=
      https://example.com/nav.do?var1%3Dmy%3Dterm

      Again the entire query string was encoded (wrong).

      https://example.com/nav.do?var1=my%3Dterm

      Where only the input is escaped, my var1= should not be escaped.

      It appears that if anywhere in the query string there appears a character that Confluence thinks it needs to encode, its encoding the entire query string, which is encoding other perfectly valid characters.

      I'd like to see this get cleaned up so that it properly encodes the right parts, or better yet, have Confluence not attempt to URL Encode anything in my Shortcut URL definition and trust the author (admin) knows what they're doing. Obviously parameters/term passed into the shortcut link should be encoded for security purposes but what I define in the Shortcut Link URL should remain intact and not encoded.

              Unassigned Unassigned
              eee3c10257fb David Hergert (PAYX)
              Votes:
              14 Vote for this issue
              Watchers:
              16 Start watching this issue

                Created:
                Updated: