product-backlog icon indicating copy to clipboard operation
product-backlog copied to clipboard
verified publisher icon hypothesis

Issue with handling of percent-encoded characters in URL (?)

Open klemay opened this issue 7 years ago • 5 comments

(robertknight's edit - 2018-01-27): I don't think the issue has anything to do with username changes. See https://github.com/hypothesis/product-backlog/issues/443#issuecomment-360946665 below:

I got example links back that do and do not work - they were on different URLs. The example link that did not work was on this URL: https://flipboard.com/article/why-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno/f-2af8d2b1ed%2Finc.com . Note the "%2F" at the end and from an initial look, it appears that the problem may relate to this.

When the client fetched annotations, it made a query that was roughly https://hypothes.is/api/search?uri=https%3A%2F%2Fflipboard.com%2Farticle%2Fwhy-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno%2Ff-2af8d2b1ed%2Finc.com . If you run the "uri" param through decodeURIComponent you'll get https://flipboard.com/article/why-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno/f-2af8d2b1ed/inc.com (note the "/" slash instead of "%2F" at the end).

The search logic will treat the two variants of the URL (with "%2F" vs "/" near the end) as different and if the client was fetching one variant but the annotations had been associated with the other, this would explain why they did not appear.

I have not yet found the conditions that cause the client to set the uri field to the "%2F" variant when creating an annotation. When I created annotations locally, the "uri" field of new annotations was always set to "/".

From Zendesk: https://hypothesis.zendesk.com/agent/tickets/2120

klemay avatar Jan 26 '18 16:01 klemay

I was not able to reproduce locally following the steps above. Following some discussion with Arti, I looked at the actual annotations involved here and discovered that they were associated with a Slack URL which changed between the time the page was originally annotated (last August) and now, with a redirect in place.

This redirect would explain why the old annotation does not appear when visiting the current URL for the document.

robertknight avatar Jan 26 '18 17:01 robertknight

After some local testing I don't currently have any reason to believe that there is a problem with username changes. The original author of the Zendesk ticket notes that all annotations show up if he visits the original page directly but not if he goes via the "View annotation in context" links.

This suggests that the problem could be related to bouncer going to a different URL (eg. Via) rather than a direct link or possibly to the #annotations: fragment that bouncer appends to the URL. I'm waiting to hear back from the ticket author with some more details.

robertknight avatar Jan 26 '18 17:01 robertknight

Now I'm wondering - there was a similar issue that came up a few weeks ago that I thought was a fingerprinting issue with PDFs, but maybe it's actually related? https://github.com/hypothesis/product-backlog/issues/413

klemay avatar Jan 26 '18 18:01 klemay

I got example links back that do and do not work - they were on different URLs. The example link that did not work was on this URL: https://flipboard.com/article/why-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno/f-2af8d2b1ed%2Finc.com . Note the "%2F" at the end and from an initial look, it appears that the problem may relate to this.

When the client fetched annotations, it made a query that was roughly https://hypothes.is/api/search?uri=https%3A%2F%2Fflipboard.com%2Farticle%2Fwhy-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno%2Ff-2af8d2b1ed%2Finc.com . If you run the "uri" param through decodeURIComponent you'll get https://flipboard.com/article/why-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno/f-2af8d2b1ed/inc.com (note the "/" slash instead of "%2F" at the end).

The search logic will treat the two variants of the URL (with "%2F" vs "/" near the end) as different and if the client was fetching one variant but the annotations had been associated with the other, this would explain why they did not appear.

I have not yet found the conditions that cause the client to set the uri field to the "%2F" variant when creating an annotation. When I created annotations locally, the "uri" field of new annotations was always set to "/".

robertknight avatar Jan 27 '18 01:01 robertknight

@robertknight when you get a moment: is this bug still valid? In your Flipgrid example,

https://flipboard.com/article/why-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno/f-2af8d2b1ed/inc.com

now redirects to

https://flipboard.com/article/why-this-award-winning-psychologist-says-you-should-throw-out-everything-you-kno/f-2af8d2b1ed%2Finc.com

so there is no longer a problem following links from activity pages to view annotations made on this URL.

To my knowledge, we haven't seen this pop up since I opened the issue in 2018.

klemay avatar Apr 13 '21 20:04 klemay