Ampersand in redirect link attribute encoded twice

Created on 30 September 2021, about 3 years ago

Updated 3 July 2023, over 1 year ago

Problem/Motivation

The redirect link appears to be encoded twice and causing the redirection to fail. I wonder if anyone else might have seen this issue.
e.g.
https://example.com/login.aspx?authtype=ip,uid&profile=newuser&d...

Steps to reproduce

From Search Autocomplete Config, check on both "Auto Submit" and "Auto Redirect" and make sure the "link" attribute exists. Then, look up and click on the autocomplete suggestion which may have ampersand in the query string of the link.

x Auto Submit
If enabled, the form will be submitted automatically as soon as your user choose a suggestion in the popup list.

x Auto Redirect
If enabled, the user will be directly routed to the suggestion he chooses instead of performing form validation process. Only works if "link" attribute is existing and if "Auto Submit" is enabled.

This happens in the autocomplete suggestion link (ui.item.link) and similar to https://www.drupal.org/project/search_autocomplete/issues/2936846 → and https://www.drupal.org/project/search_autocomplete/issues/1739852 → issues on the suggestion value (ui.item.value).

The data comes from a Drupal View and also using Better Exposed Filters.

Proposed resolution

In /js/jquery.autocomplete.js, could we do a similar trick for link in additional to value? Or someone may have a better solution? Any help is greatly appreciated!

  function selectHandler(event, ui) {
    var terms = autocomplete.splitValues(event.target.value);
    // Remove the current input.
    terms.pop();

    // Trick here to handle encoded characters (see #2936846).
    const helper = document.createElement("textarea");
    helper.innerHTML = ui.item.value;
    ui.item.value = helper.value;
	
    if (ui.item.link) {
      helper.innerHTML = ui.item.link; //&amp;amp;
      ui.item.link = helper.value;
      helper.innerHTML = ui.item.link; //decode again
      ui.item.link = helper.value;
    }

🐛 Bug report

Status

Fixed

Version

3.0

Component

Code

Created by

evac9

Live updates comments and jobs are added and updated live.

Incomplete comments

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

Comment over 1 year ago →
🇫🇷France Dom.
Since we already have this trick for the item.value, I suppose that would be better to reuse it rather than create a new textarea.

Comment over 1 year ago →

System Message

Dom. → committed c949e385 on 3.x

Issue #3240117 by Dom., evac9: Ampersand in redirect link attribute...

Status changed to Fixed over 1 year ago8:20am 3 July 2023
Comment over 1 year ago →
🇫🇷France Dom.
Will be included in release 3.0
Comment over 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024