Properly URL-encode and -decode a bunch of query parameters.

 - Legacy-Id: 19981

Author: larseggert

ietf/doc/tests_bofreq.py

@@ -8,7 +8,7 @@
 from pyquery import PyQuery
 from random import randint
 from tempfile import NamedTemporaryFile
-from html import escape, unescape
+from html import unescape
 
 from django.conf import settings
 from django.urls import reverse as urlreverse

ietf/meeting/tests_js.py

@@ -8,6 +8,7 @@
 import os
 import re
 from unittest import skipIf
+import urllib.parse
 
 import django
 from django.utils.text import slugify
@@ -1725,7 +1726,7 @@ def __call__(self, driver):
         # Now select a different item from the select input
         option.click()
         try:
-            wait.until(in_iframe_href('tz=america/halifax', self.driver.find_element(By.CSS_SELECTOR, '#weekview iframe')))
+            wait.until(in_iframe_href(urllib.parse.quote('tz=america/halifax', safe='='), self.driver.find_element(By.CSS_SELECTOR, '#weekview iframe')))
         except:
             self.fail('iframe href not updated to contain selected time zone')
 
@@ -1844,7 +1845,7 @@ def test_timezone_selection(self):
         self.login()
         for zone_name in zones_to_test:
             zone = pytz.timezone(zone_name)
-            self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=' + zone_name)
+            self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=' + urllib.parse.quote(zone_name, safe=''))
             for item in self.get_expected_items():
                 if item.session.name:
                     expected_name = item.session.name
@@ -1947,7 +1948,7 @@ def _assert_not_wrapped(displayed, expected_time_string):
         self.login()
 
         # Test in meeting local time
-        self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=%s' % local_tz.lower())
+        self.driver.get(self.absreverse('ietf.meeting.views.week_view') + '?tz=%s' % urllib.parse.quote(local_tz.lower(), safe=''))
 
         time_string = '-'.join([daytime_timeslot.local_start_time().strftime('%H%M'),
                                 daytime_timeslot.local_end_time().strftime('%H%M')])

ietf/meeting/tests_views.py

@@ -15,7 +15,7 @@
 from lxml.etree import tostring
 from io import StringIO, BytesIO
 from bs4 import BeautifulSoup
-from urllib.parse import urlparse, urlsplit
+from urllib.parse import urlparse, urlsplit, quote
 from PIL import Image
 from pathlib import Path
 
@@ -409,7 +409,7 @@ def test_agenda_week_view(self):
         self.assertTrue(all([x in unicontent(r) for x in ['redraw_weekview', 'draw_calendar', ]]))
 
         # Specifying a time zone should not change the output (time zones are handled by the JS)
-        url = urlreverse("ietf.meeting.views.week_view",kwargs=dict(num=meeting.number)) + "?show=farfut&tz=Asia/Bangkok"
+        url = urlreverse("ietf.meeting.views.week_view",kwargs=dict(num=meeting.number)) + "?show=farfut&" + quote("tz=Asia/Bangkok", safe='=')
         r_with_tz = self.client.get(url)
         self.assertEqual(r_with_tz.status_code,200)
         self.assertEqual(r.content, r_with_tz.content)

ietf/static/js/agenda_filter.js

@@ -38,17 +38,16 @@ window.agenda_filter_for_testing; // methods to be accessed for automated testin
     }
 
     function parse_query_params(qs) {
-        var params = {};
-        qs = decodeURI(qs)
-            .replace(/^\?/, '')
-            .toLowerCase();
-        if (qs) {
-            var param_strs = qs.split('&');
-            for (var ii = 0; ii < param_strs.length; ii++) {
-                var toks = param_strs[ii].split('=', 2);
-                params[toks[0]] = toks[1] || true;
+        const urlSearchParams = new URLSearchParams(qs);
+        const params = Object.fromEntries(urlSearchParams.entries());
+
+        // the old code returned true for empty params, so do that, too
+        for (const property in params) {
+            if (params[property] === "") {
+                params[property] = true;
             }
         }
+
         return params;
     }
 

ietf/templates/meeting/agenda.html

@@ -369,9 +369,9 @@ <h2 class="mt-3">
             if (!weekview.hasClass('visually-hidden')) {
                 var queryparams = window.location.search;
                 if (queryparams) {
-                    queryparams += '&tz=' + encodeURI(ietf_timezone.get_current_tz().toLowerCase());
+                    queryparams += '&tz=' + encodeURIComponent(ietf_timezone.get_current_tz().toLowerCase());
                 } else {
-                    queryparams = '?tz=' + encodeURI(ietf_timezone.get_current_tz().toLowerCase());
+                    queryparams = '?tz=' + encodeURIComponent(ietf_timezone.get_current_tz().toLowerCase());
                 }
                 var new_url = 'week-view.html' + queryparams;
                 var wv_iframe = $(weekview).children('iframe');

ietf/utils/templatetags/textfilters.py

@@ -8,7 +8,6 @@
 from django import template
 from django.conf import settings
 from django.template.defaultfilters import stringfilter
-from django.utils.html import escape
 from django.utils.safestring import mark_safe
 
 import debug                            # pyflakes:ignore