Escaping issues with URL components & regex syntax

[projectgus]

Thanks for publishing this!

There seems to be an escaping issue if you enter a URL Pattern regular expression that also resembles a query string.

For example, try to create a new URL pattern https://example.com/a/.+/b/ (a regex to match any URL with /a/something/b/).

At this point in dragPanel.js:

function _uploadFile(files) {
  const urlParams = new URLSearchParams(window.location.search);
  const sitePattern = urlParams.get("sitePattern");

The variables have these values:

window.location.search == "?sitePattern=https://example.com/a/.+/b/&mode=add" sitePattern == "https://example.com/a/. /b/"

The issue is that sitePattern is put into the URL without escaping the value in popup.js:

dragPanelUrl = dragPanelUrl + "?sitePattern=" + sitePattern.value + '&' + 'mode=add';

A similar issue occurs if you try to enter a URL pattern that includes a query string itself.

One possible fix would to be use URLSearchParams() in popup.js to build the URL, instead of string concatenation. Then it will unescape correctly later on.

I don't have time make a patch, but I thought I'd report this anyhow.

As a temporary workaround, you can QueryString escape the URL pattern yourself before entering it. The correct pattern (without the escapes) will be inserted into the database and shown in the UI.

[denniz-j]

Thanks for pointing this out. I'm not skillful enough to make a patch, but, using the workaround you suggested, together with ideas from here https://stackoverflow.com/questions/31367267/regex-for-url-with-query-string I managed to turn a url that was not working with faviconSwitcher... https://example.com/d/index.php?title=Cad ...into a url that does now seem to work... https://example.com/d/index.php??title=Cad Thanks for the faviconSwitcher addon/extension in the first place, and thanks for the workaround too.