decodeURIComponent fails from URI provided from form submit to chrome.webRequest

Question

i have the following situation.

i do a GET request via an HTML form
- i have one text field and the field has the contents of << BLAH >alert (”BLAH”);//<</ blah >. It's known invalid, hypothetical markup.
i have an event listener on webRequest
i attempt to decodeURIComponent on the full url of the webrequest, trigged by form submission
decoding fails, contrary to expectation.
- i expect that decodeURIComponent should be able to decode anything the browser encodes from a form. this appears to be a wrong assumption, or a bug in chrome: 55.0.x*

If the below JS was in a chrome extension, the following snippet would demonstrate the issue.

var filter =  { urls: ['<all_urls>'] }

function handler (details) {
  decodeURIComponent(details.url)
}
chrome.webRequest.onBeforeRequest.addListener(
  handler,
  filter,
  ['blocking', 'requestBody']
)

<form method='get'>
  <input type='text' name='field'/>
  <button type='submit'>submit</button>
</form>

Of course you can't actually run this--webRequest is part of the chrome extension API.

Looking for tips. Thanks!

Please [edit] the question to be on-topic: include a **complete** [mcve] that *duplicates the problem*. Including a *manifest.json*, some of the background/content/popup scripts/HTML. Questions seeking debugging help ("**why isn't this code working?**") must include: ►the desired behavior, ►a specific problem or error *and* ►the shortest code necessary to reproduce it **in the question itself**. Questions without a clear problem statement are not useful to other readers. See: "**How to create a [mcve]**", [What topics can I ask about here?](http://stackoverflow.com/help/on-topic), and [ask]. — Makyen, Feb 05 '17 at 00:31
What *exactly* is shown in the [various appropriate consoles for your extension](http://stackoverflow.com/a/38920982/3773011) when you load and execute your extension? Please provide *exact* inputs, failing output and expected output. — Makyen, Feb 05 '17 at 00:32
You are trying to decode the entire URI. Normally you would use: [`decodeURI()`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURI), but using [decodeURIComponent()](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent) instead should not cause it to fail. — Makyen, Feb 05 '17 at 00:36
it actually _works_ seemingly dependent some other characteristics on the webpage from where the form is being submitted from. i just mocked up a local example where decoding works, but it still fails here: http://testingground.nowebscale.com/. that is => extension decodes URI succeeds on my local form, but not on their form. i need to do further investigating. as i can't provide a reproducible example... my examples are successful! but the extension does fail elsewhere. i can still bundle the extension and share — cdaringe, Feb 05 '17 at 00:43
The point of a [mcve] and the information required for a debugging question is so we have enough to be able to duplicate the problem. Please [edit] more information into the question so we can duplicate the issue. It would be best if you could get, and provide us with, the string which `decodeURIComponent` is having a problem with rather than having to provide us with the URL on which we need to perform a submit to trigger the `webRequest`. — Makyen, Feb 05 '17 at 00:47

score 1 · Answer 1 · answered Feb 05 '17 at 03:17

1

This was root caused down to curly quotes. Chrome doesn't remap any chars on your behalf to be URI friendly. That is '”' !== '"', and my form field was using ”. ” ==> %94. What strange is that the form under the hood doesn't use encodeURIComponent('”') ==> %E2%80%9D. Anyway, decodeURIComponent('%94') blows up.

answered Feb 05 '17 at 03:17

cdaringe

1,274
2
15
33

Who is encoding `”` as `%94` ? This is not a valid percentage encoded value. – Kaiido Feb 05 '17 at 04:30
Chrome. The HTML Form. – cdaringe Feb 05 '17 at 08:01
So the target request does have this `%94BLAH%94` ? Or is it only in the `onBeforeRequest`'s event handler `.details` ? On my chrome it does the request with `%E2%80%9DBLAH%E2%80%9D` as expected. Also, which version of chrome is this ? – Kaiido Feb 05 '17 at 08:16
Ah I got it, your page has its `charset` set to `ISO Latin` or similar right ? `”` is not supported in this charset, so an replacement character is used instead, which can't be URIencoded. Set your charset to `utf8` and all should be good. – Kaiido Feb 05 '17 at 08:44
Please [edit your Question](http://stackoverflow.com/posts/42046361/edit) so it is possible to determine that this is a valid answer from the content of your Question. This means you need to add additional information to your Question to have a complete [mcve] (i.e. supply the actual HTML used). With that information it would be an interesting question which could be useful to future readers and might get some upvotes. – Makyen Feb 06 '17 at 23:11
@Makyen, the way I perceive your tone is not positive. From the initial post, I made a statement declaring my content to be not runnable. Declaring "not runnable" sets an implicit expectation that I don't expect you to run it. **Of course providing runnable content helps everyone diagnose & discuss**. I provided sufficient code for discussion, which is what I intended to have. Please stop posting your link at me. Also consider updating your language from "you need to" to something akin to "it would be more helpful if you could." – cdaringe Feb 07 '17 at 03:18

score 0 · Answer 2 · answered May 12 '17 at 18:16

I had a URI malformed error in Google Chrome, when I tried decoding a string using decodeURIComponent as well. It failed on the % character that was in that string, I did not want any check to happen on the validity of that string. So I ended up using the unescape method intsead: unescape(mystring)

decodeURIComponent fails from URI provided from form submit to chrome.webRequest

2 Answers2