Pending fix CPS on multi segment Paths

  • New Wordpress Plug-In Forum
    Guest:

    Just a note that we have a new forum to contain discussions relating to the Wordpress plug-in which Daniel Persson originated and has been making great progress on. You'll find it under "Server-Side Solutions."

    /Steve.

Hi @Steve,

In the testing of the ASP.net Core Middleware I currently enhancing to 1.1.0 which adds the ability for consumers of the package to let users login with different paths to the default one they specify, I think I have found an operational bug in your client on the CPS check.

Steps to reproduce
Create a SQRL link with a path that has multiple segments "/users/login"
The example HTML i have for this is
HTML:
<a href="sqrl://localhost:44336/users/login?x=12&amp;nut=NGY1MTE1NDhiYjJjZmEyN2UwNTkwOWUxYWJlNjBjZjE0MTRjYTcwNmE2OTM2YzExYzkxNDBkNGNkMTI0NzExNDM0ODQwYjA5NDlmNzMwNjg" onclick="CpsProcess(this);">Login</a>
<script>
    function CpsProcess(e)
    {
        var gifProbe = new Image();
        gifProbe.onload = function()
        {
            document.location.href = "http://localhost:25519/"+ btoa(e.getAttribute("href"));
        };
        gifProbe.onerror = function()
        {
            setTimeout(function()
            {
                gifProbe.src = "http://localhost:25519/" + Date.now() + '.gif';
            }, 250 );
        };
        gifProbe.onerror();
    };
</script>
As you can see the "x" param is 12 which is the length of "/users/login"

I altered the "x" param to be 13 and it worked fine. I then went back to a single segment URL with an "x" param "/login" that was fine. I then did a test of "/users/login/now" with an "x" param of 16 this failed again as expected at this point, i then tried "x" at 17 this also failed confirming to me the bug but i checked anyway and tried "x" with 18 this passed.

What i think the bug is
I think the bug is that the "/" character is becoming "//" at some point which results in this issue
 

PHolder

Well-known member
May 19, 2018
918
124
x=12&amp;nut=
I believe your issue is that you should not be escaping the & in this case. Athough if you have it mostly working, maybe not... Still, you don't need to escape it in that case, so that would me one less thing that could go wrong.