Opened 2 years ago

Closed 2 years ago

#24311 closed defect (fixed)

Incorrect encoding frontent input -> backend request

Reported by: cypherpunks Owned by: metrics-team
Priority: Medium Milestone:
Component: Metrics/Relay Search Version:
Severity: Normal Keywords:
Cc: karsten Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

If you enter the following search term:

contac:<none>

it will result in the following backend request:

https://onionoo.torproject.org/summary?search=contact:&lt;none&gt;

=> bad request (400)

Child Tickets

Change History (2)

comment:1 Changed 2 years ago by karsten

Wow, good catch!

I think we're doing things wrong in at least two places:

First, Atlas encodes characters using HTML names, for example, < as &lt;. But Onionoo does not decode that, and without decoding this is not a valid search parameter value. Hence the 400 status code. Is there a way for Atlas to encode characters differently or avoid encoding and just include characters like < in the request to Onionoo? Otherwise we'd have to teach Onionoo how to decode HTML names, and I'm not sure whether that's even a good idea.

Second, Oniono does not decode percent-encoded characters in qualified search terms, even though it probably should do that. That means that even if Atlas sent over a query like ​https://onionoo.torproject.org/summary?search=contact:%3Cnone%3E, Onionoo wouldn't decode it. It would just return an empty result set, because there are no contact lines with %3Cnone%3E. That's different from the contact parameter which is decoded correctly.

(It might be that we just ran into this issue in #21366, but it seems related here, too. So, even if Atlas switches from HTML encoding to percent encoding, we'd still have to fix this part in Onionoo.)

Oh well.

comment:2 Changed 2 years ago by irl

Cc: karsten added
Resolution: fixed
Status: newclosed

karsten: Onionoo really should support % encoding.

For Relay Search, fixed in 0bc2331.

Note: See TracTickets for help on using tickets.