Skip to content

Commit

Permalink
Loading
Loading status checks…
ZK-5777: sendRedirect() doesn't work because of the encoded &
Browse files Browse the repository at this point in the history
@jumperchen @rebecca0201
jumperchen authored and rebecca0201 committed Oct 29, 2024
1 parent a5cd7b5 commit 4dde1bc
Showing 5 changed files with 74 additions and 1 deletion.
12 changes: 11 additions & 1 deletion zk/src/main/resources/web/js/zk/utl.ts
View file
Original file line number Diff line number Diff line change
@@ -232,7 +232,17 @@ export namespace utl_global {
if (url.startsWith('https://') || url.startsWith('http://')) {
return new URL(url).href;
} else {
return zUtl.encodeXML(url);
const [baseUrl, queryString] = url.split('?');
if (!queryString) {
return baseUrl;
}

const encodedParams = queryString.split('&').map(param => {
const [key, value] = param.split('=');
return `${encodeURIComponent(key)}=${encodeURIComponent(value)}`;
}).join('&');

return `${baseUrl}?${encodedParams}`;
}
}

1 change: 1 addition & 0 deletions zkdoc/release-note
View file
Original file line number Diff line number Diff line change
@@ -40,6 +40,7 @@ ZK 10.1.0
ZK-5820: a side effect of ZK-5018 for F95_ZK_4552Test
ZK-5810: Client MVVM: XEL Methods in include
ZK-5813: a side effect of ZK-5476 for BookCRUD2Test and BookCRUDTest
ZK-5777: sendRedirect() doesn't work because of the encoded &

* Upgrade Notes
+ Remove Htmls.encodeJavaScript(), Strings.encodeJavaScript(), Strings.escape() with Strings.ESCAPE_JAVASCRIPT, and replace them with OWASP Java Encoder APIs instead.
29 changes: 29 additions & 0 deletions zktest/src/main/webapp/test2/B101-ZK-5777.zul
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>

<!--
B101-ZK-5777.zul
Purpose:
Description:
History:
2024/10/29, Created by jumperchen
Copyright (C) 2024 Potix Corporation. All Rights Reserved.
-->
<zk>
<zscript><![CDATA[
Object v1 = Executions.getCurrent().getParameter("param1");
Object v2 = Executions.getCurrent().getParameter("param2");
public void redirect() {
Executions.getCurrent().sendRedirect("B101-ZK-5777.zul?param1=value1&param2=value2");
// Executions.getCurrent().sendRedirect("B101-ZK-5777.zul?param1=value1&param2=value2", "_self"); workaround
}
]]></zscript>
<label value="param1: ${v1}" />
<label value="param2: ${v2}" />
<button label="redirect with parameters" onClick="redirect()"/>
</zk>
1 change: 1 addition & 0 deletions zktest/src/main/webapp/test2/config.properties
View file
Original file line number Diff line number Diff line change
@@ -3153,6 +3153,7 @@ B90-ZK-4431.zul=A,E,Multislider
##zats##B101-ZK-5730.zul=A,E,NullPointerException,Desktop,Page,Session,Timeout,Destroy,SmartUpdate
##zats##B101-ZK-5802.zul=A,E,JavaScript,Private,Function,Export,Override
##zats##B101-ZK-5810.zul=A,E,XEL,ZUL,ClientMVVM
##zats##B101-ZK-5777.zul=A,E,SendRedirect,Encoding

##
# Features - 3.0.x version
32 changes: 32 additions & 0 deletions zktest/src/test/java/org/zkoss/zktest/zats/test2/B101_ZK_5777Test.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
/* B101_ZK_5777Test.java
Purpose:
Description:
History:
10:12 AM 2024/10/29, Created by jumperchen
Copyright (C) 2024 Potix Corporation. All Rights Reserved.
*/
package org.zkoss.zktest.zats.test2;

import static org.junit.jupiter.api.Assertions.assertEquals;

import org.junit.jupiter.api.Test;

import org.zkoss.test.webdriver.WebDriverTestCase;

/**
* @author jumperchen
*/
public class B101_ZK_5777Test extends WebDriverTestCase {
@Test
public void test() {
connect();
click(jq("@button"));
waitResponse();
assertEquals("param1: value1", jq("@label:eq(0)").text());
assertEquals("param2: value2", jq("@label:eq(1)").text());
}
}

0 comments on commit 4dde1bc

Please sign in to comment.