Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Double encoded single quotes in goal names #13828

Closed
mattab opened this issue Dec 11, 2018 · 3 comments
Closed

Double encoded single quotes in goal names #13828

mattab opened this issue Dec 11, 2018 · 3 comments
Assignees
@sgiehl
Labels
Regression Indicates a feature used to work in a certain way but it no longer does even though it should.
Milestone
3.8.0

Comments

@mattab
Copy link
Member

mattab commented Dec 11, 2018
edited

Reproduce

  • Create a goal called hello ' world and also use this text as the Goal description
  • Then see the goal appear as hello ' world

in Goals

See the below screenshots of Goal overview and Manage goals showing the double encoding:

new goal

hello world

in Forms

Similar issue in Form Analytics:
form description

Maybe a regression from #13715

Would be valuable to add some UI tests that would catch the issue.
@mattab mattab added the Regression Indicates a feature used to work in a certain way but it no longer does even though it should. label Dec 11, 2018
@mattab mattab added this to the 3.8.0 milestone Dec 11, 2018
@sgiehl sgiehl self-assigned this Dec 21, 2018
@sgiehl
Copy link
Member

sgiehl commented Dec 21, 2018

That's a more global and general issue of our input sanitize.

For goals we send the values using encodeURIComponent. That kind of circumvents the automatic input sanitize for all chars expect - _ . ! ~ * ' ( ), which keep untouched. Thus the ' is stored as ' in the database. Will create a PR to fix that partially. But imho it would make most sense to finally get rid of the global input sanitize

@sgiehl sgiehl mentioned this issue Dec 21, 2018
Merged
@tsteur
Copy link
Member

tsteur commented Dec 21, 2018

But imho it would make most sense to finally get rid of the global input sanitize

That would be awesome. Also causes issues eg in tag mananger matomo-org/tag-manager#134 . Not sure if it will be ever possible to fully get rid of it though as it could cause so many issues. Best might be to support it slowly and refactor it step by step. Like if a variable starts with underscore _ in API, it gets it unserialized or something like that. Or maybe it can be configured somehow.

@diosmosis
Copy link
Member

Should be fixed in 3.x-dev

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sgiehl sgiehl

Labels
Regression Indicates a feature used to work in a certain way but it no longer does even though it should.
Projects
None yet
Milestone
3.8.0
Development

No branches or pull requests
4 participants
@diosmosis @tsteur @mattab @sgiehl