backdrop-issues icon indicating copy to clipboard operation
backdrop-issues copied to clipboard
verified publisher icon backdrop

Page Body Editor: URL Dialog Box Problems (complex URL, long Title)

Open ProfessorGram opened this issue 11 months ago • 5 comments

Description of the bug

A short description of what the problem is.

  1. URL's with complex parameters are flagged as being invalid when they are not

  2. URL's with long titles are disallowed when they should not be

Steps To Reproduce

To reproduce the behavior: Go to: https://contrib2.com/backdrop-ecosystem-map

  1. This link breaks the dialog, but can be entered in SOURCE VIEW https://www.charitiesnys.com/RegistrySearch/show_details.jsp?id={D91516D6-43B7-4C1C-93AE-136495EB250D}

  2. This text breaks the dialog, but can be entered in SOURCE VIEW

image

image

Actual behavior

Describe what was the result of following the steps above. Add screenshots if you think they would help.

Expected behavior

Describe what you expected to happen instead. Add mockup screenshots if possible.

I expect the dialog to accept valid URLs I expect to be able to enter a Title of arbitrary length

Additional information

Add any other information that could help, such as:

  • Backdrop CMS version:
  • Web server and its version:
  • PHP version:
  • Database sever (MySQL or MariaDB?) and its version:
  • Operating System and its version:
  • Browser(s) and their versions:

Backdrop 1.29.2

ProfessorGram avatar Jan 16 '25 08:01 ProfessorGram

The URL is probably marked as invalid because it's too long. This was fixed in the latest version of Backdrop. Please try to always test with the latest version, as it may contain fixes for the problems you are reporting.

This is the original issue: https://github.com/backdrop/backdrop-issues/issues/6740

argiepiano avatar Jan 16 '25 13:01 argiepiano

@ProfessorGram take a look at this article and others about unsafe characters: https://nicolaslule.com/safe-unsafe-reserved-unreserved-characters-in-urls/

I think the curly brackets are giving you trouble.

When I click on your link above, it opens, but the link is actually transformed, and the special characters are converted to html encoding.
https://www.charitiesnys.com/RegistrySearch/show_details.jsp?id=%7BD91516D6-43B7-4C1C-93AE-136495EB250D%7D

It looks like github has sanitized your url! I copied the text and the code, and sure enough, the underlying link url has been rewritten. I assume you just pasted in the link and Github created the hyperlink?

I removed the curly brackets, and the link works as intended.
https://www.charitiesnys.com/RegistrySearch/show_details.jsp?id=D91516D6-43B7-4C1C-93AE-136495EB250D

Maybe this is an issue with the charities NYC rather than Backdrop.

Wylbur avatar Jan 16 '25 18:01 Wylbur

The URL is probably marked as invalid because it's too long. This was fixed in the latest version of Backdrop. Please try to always test with the latest version, as it may contain fixes for the problems you are reporting.

This is the original issue: #6740

I don't know - is this too long?

Image

I would love to use the latest Backdrop CMS.

I cannot upgrade due to the Upgrade manager borking because I refuse to debase my security model, and SSH integration seems to be not working, so my upgrade is current stalled.

ProfessorGram avatar Jan 16 '25 22:01 ProfessorGram

@ProfessorGram take a look at this article and others about unsafe characters: https://nicolaslule.com/safe-unsafe-reserved-unreserved-characters-in-urls/

I think the curly brackets are giving you trouble.

When I click on your link above, it opens, but the link is actually transformed, and the special characters are converted to html encoding. https://www.charitiesnys.com/RegistrySearch/show_details.jsp?id=%7BD91516D6-43B7-4C1C-93AE-136495EB250D%7D

It looks like github has sanitized your url! I copied the text and the code, and sure enough, the underlying link url has been rewritten. I assume you just pasted in the link and Github created the hyperlink?

I removed the curly brackets, and the link works as intended. https://www.charitiesnys.com/RegistrySearch/show_details.jsp?id=D91516D6-43B7-4C1C-93AE-136495EB250D

Maybe this is an issue with the charities NYC rather than Backdrop.

I don't know, is this URL illegal according to the RFC? What URL standard is being observed?

Image

Seems to work just fine on my browser with curly braces, using a major browser (Mozilla)

BUT - there is an RFC that identifies "UNSAFE" characters. Is that what you are using as a reference?

https://www.rfc-editor.org/rfc/rfc1738#page-3

Here's the relevant section:

Image

I will contact the authority regarding the curly braces.

P.S. - it would be great if the error message could be a little more descriptive regarding the nature of the regex transgression.

"Unsafe character detected in URL, please see RFC 1738"

Thanks

ProfessorGram avatar Jan 16 '25 22:01 ProfessorGram

Authority notified:

Image

ProfessorGram avatar Jan 16 '25 23:01 ProfessorGram

I don't think there is further work to be done here. Upgrading to the latest version of Backdrop will solve the URL length issue.

For the curly brackets issue, encode the curly brackets as %7B for { and %7D for } so it is a valid URL. Most browsers will automatically do conversion for you on characters like spaces and plus symbols, but it seems that squiggle brackets don't have this automatic conversion on Firefox or Chrome. I think discouraging the original site from using them was a good move.

quicksketch avatar Mar 22 '25 05:03 quicksketch