Bug 624883 – Improper un-escape of URL for embedded URLs

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 624883 - Improper un-escape of URL for embedded URLs


Summary:	Improper un-escape of URL for embedded URLs


Status:	RESOLVED DUPLICATE of bug 581032

Product:	GtkHtml
Classification:	Other
Component:	Parsing
Version:	3.30.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtkhtml-maintainers
QA Contact:	gtkhtml-maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2010-07-20 23:00 UTC by Luke Suchocki
Modified:	2010-07-20 23:08 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Luke Suchocki 2010-07-20 23:00:47 UTC

I'm pretty sure this belongs to GtkHtml, since many similar issues reported in the past on the Evolution bugzilla were pointed over here. Please correct me if I am wrong. 

I dug through code and changelogs for a good 4 hours today, but was quickly lost and frustrated. I'm pretty sure someone here knows exactly what happened recently.

Running updated Fedora Core 13
gtkhtml2-2.11.1-7.fc13.i686
evolution-2.30.2-1.fc13.i686

After a recent gtkhtml / evolution update, links which encapsulate another link are no longer functioning when clicked or right-click "Open Link in Browser" because the encapsulated link is unescaped before being passed to the browser.

Workaround is to right-click "Copy Link Location" and paste in browser.

Easily duplicated by copying the link from a Google "cached" page and send it to yourself as a link in an HTML email.

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CCQQIDAA&url=http%3A%2F%2Fwebcache.googleusercontent.com%2Fsearch%3Fq%3Dcache%3AulbHQR-5i7cJ%3Awww.gnome.org%2F%2Bgnome%26cd%3D1%26hl%3Den%26ct%3Dclnk%26gl%3Dus&ei=6eVFTCuOkp8H6d-E_gM&usg=AFQjCNFCkBrmoakeGg9IU6W-2VecSxFX9g

The above link include a parameter named "url" which contains an escaped URL which, including it's escaped parameters, to be passed onto the base URL.
  
The value of the 'url' parameter is unescaped before being passed to the browser, thus breaking the parameters the encapsulated URL is expecting to have passed.

Per strace, this is the command issued:
[pid 18577] execve("/opt/google/chrome/google-chrome", 
["/opt/google/chrome/google-chrome", "--new-window", "http://www.google.com/url?sa=t&source=web&cd=1&ved=0CCQQIDAA&url=http://webcache.googleusercontent.com/search?q=cache:ulbHQR-5i7cJ:www.gnome.org/+gnome&cd=1&hl=en&ct=clnk&gl=us&ei=6eVFTCuOkp8H6d-E_gM&usg=AFQjCNFCkBrmoakeGg9IU6W-2VecSxFX9g"], [/* 44 vars */] <unfinished ...>

Notice the original 'url' parameter only contains the www.googleusercontent.com URL, it's parameters are no longer escaped and now part of the base URL 

Google, and many other sites which do this, returns a error/redirect notice not knowing what to do.

Comment 1 Matthew Barnes 2010-07-20 23:08:13 UTC

Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

*** This bug has been marked as a duplicate of bug 581032 ***