Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Separating comma is not URL-encoded in array query parameter with style: form, explode: false and allowReserved: false #9289

Closed
marvinruder opened this issue Oct 7, 2023 · 3 comments
Closed

Separating comma is not URL-encoded in array query parameter with style: form, explode: false and allowReserved: false #9289

marvinruder opened this issue Oct 7, 2023 · 3 comments
Labels
P2 swagger-js type: bug

Comments

@marvinruder
Copy link

Q&A (please complete the following information)

  • OS: macOS 14.0 (build 23A344)
  • Browser: Safari Version 17.0 (19616.1.27.211.1)
  • Method of installation: static file server
  • Swagger-UI version: 5.9.0
  • Swagger/OpenAPI version: OpenAPI 3.0.3

Content & configuration

Example Swagger/OpenAPI definition:

openapi: 3.0.3
info:
  title: Example
  version: "0"
servers:
  - url: https://example.com/api
paths:
  /list:
    get:
      parameters:
        - name: elements
          in: query
          style: form
          explode: false
          allowReserved: false
          schema:
            type: array
            items:
              type: string
      responses:
        '200':
          description: Successful operation

To reproduce...

Steps to reproduce the behavior:

  1. Open Swagger UI with the configuration provided
  2. Open endpoint and click “Try it out”
  3. Add multiple strings to array
  4. Click “Execute”
  5. Observe that in the request URL sent to the (example) server array strings are joined using unencoded ,, in violation of allowReserved: false configuration option

Expected behavior

The strings are separated by %2C instead of ,.

Screenshots

image
@ptrstn
Copy link

ptrstn commented Sep 3, 2024

Any solutions to this?

@char0n
Copy link
Member

char0n commented Oct 31, 2024

This is caused by upstream swagger-client library

@char0n char0n mentioned this issue Oct 31, 2024
Closed
@char0n
Copy link
Member

char0n commented Oct 31, 2024

After thorough investigation we've determined that status quo is correct. We've created a PR that solves the potential issue described in this GitHub issue, but during the code review we've uncovered that the change would introduce ambiguity into encoding and the data semantics will be lost when utilized.

parameter value1: "data,data"
parameter value2: "data,data"

Before the PR
-------------------
allowReserved=false: param=data%2Cdata,data%2Cdata
allowReserved=true: param=data,data,data,data

After the PR
----------------
allowReserved=false: param=data%2Cdata%2Cdata%2Cdata
allowReserved=true: param=data,data,data,data

After scenario proves that it is not possible to construct original parameter value again as the separator is now ambiguous.

Please reopen this issue if you disagree with our reasoning.

@char0n char0n closed this as completed Oct 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
P2 swagger-js type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@char0n @ponelat @marvinruder @ptrstn