handle malformed URIs (fix #424)

yyx990803 · yyx990803 · commit b22764808602 · 2016-04-04T17:34:45.000-04:00
diff --git a/lib/route-recognizer.js b/lib/route-recognizer.js
@@ -7,6 +7,23 @@ var specials = [
 
 var escapeRegex = new RegExp('(\\' + specials.join('|\\') + ')', 'g')
 
+var noWarning = false
+function warn (msg) {
+  if (!noWarning && typeof console !== 'undefined') {
+    console.error('[vue-router] ' + msg)
+  }
+}
+
+function tryDecode (uri, asComponent) {
+  try {
+    return asComponent
+      ? decodeURIComponent(uri)
+      : decodeURI(uri)
+  } catch (e) {
+    warn('malformed URI' + (asComponent ? ' component: ' : ': ') + uri)
+  }
+}
+
 function isArray(test) {
   return Object.prototype.toString.call(test) === "[object Array]"
 }
@@ -321,7 +338,7 @@ function addSegment(currentState, segment) {
 function decodeQueryParamPart(part) {
   // http://www.w3.org/TR/html401/interact/forms.html#h-17.13.4.1
   part = part.replace(/\+/gm, '%20')
-  return decodeURIComponent(part)
+  return tryDecode(part, true)
 }
 
 // The main interface
@@ -485,20 +502,24 @@ RouteRecognizer.prototype = {
     return queryParams
   },
 
-  recognize: function(path) {
+  recognize: function(path, silent) {
+    noWarning = silent
     var states = [ this.rootState ],
         pathLen, i, l, queryStart, queryParams = {},
         isSlashDropped = false
 
-    path = decodeURI(path)
-
     queryStart = path.indexOf('?')
     if (queryStart !== -1) {
       var queryString = path.substr(queryStart + 1, path.length)
       path = path.substr(0, queryStart)
-      queryParams = this.parseQueryString(queryString)
+      if (queryString) {
+        queryParams = this.parseQueryString(queryString)
+      }
     }
 
+    path = tryDecode(path)
+    if (!path) return
+
     // DEBUG GROUP path
 
     if (path.charAt(0) !== "/") { path = "/" + path }
diff --git a/src/index.js b/src/index.js
@@ -441,7 +441,7 @@ class Router {
    */
 
   _checkGuard (path) {
-    let matched = this._guardRecognizer.recognize(path)
+    let matched = this._guardRecognizer.recognize(path, true)
     if (matched) {
       matched[0].handler(matched[0], matched.queryParams)
       return true
diff --git a/src/util.js b/src/util.js
@@ -13,11 +13,8 @@ export default exports
 
 export function warn (msg) {
   /* istanbul ignore next */
-  if (window.console) {
-    console.warn('[vue-router] ' + msg)
-    if (!exports.Vue || exports.Vue.config.debug) {
-      console.warn(new Error('warning stack trace:').stack)
-    }
+  if (typeof console !== 'undefined') {
+    console.error('[vue-router] ' + msg)
   }
 }
 
diff --git a/test/unit/specs/core.js b/test/unit/specs/core.js
@@ -10,6 +10,7 @@ describe('Core', function () {
     el = document.createElement('div')
     document.body.appendChild(el)
     spyOn(window, 'scrollTo')
+    spyOn(console, 'error')
   })
 
   afterEach(function () {
@@ -121,8 +122,8 @@ describe('Core', function () {
       [{ path: '/a', query: query }, 'A' + query.msg],
       // object with named route
       [{ name: 'b', query: query }, 'B' + query.msg],
-      // string path
-      ['/c?msg=' + encodeURIComponent(query.msg), 'C' + query.msg]
+      // special char
+      ['/c?msg=%!!!', 'C%!!!']
     ], done)
   })
 

Original file line number	Diff line number	Diff line change
`@@ -13,11 +13,8 @@ export default exports`
`13`	`13`
`14`	`14`	`export function warn (msg) {`
`15`	`15`	`/* istanbul ignore next */`
`16`		`- if (window.console) {`
`17`		`- console.warn('[vue-router] ' + msg)`
`18`		`- if (!exports.Vue \|\| exports.Vue.config.debug) {`
`19`		`- console.warn(new Error('warning stack trace:').stack)`
`20`		`- }`
	`16`	`+ if (typeof console !== 'undefined') {`
	`17`	`+ console.error('[vue-router] ' + msg)`
`21`	`18`	`}`
`22`	`19`	`}`
`23`	`20`