Skip to content

Unescape relative path before file lookup to fix space-in-filename issue #62349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Unescape relative path before file lookup to fix space-in-filename issue #62349

wants to merge 2 commits into from

Conversation

jacob-l
Copy link

@jacob-l jacob-l commented Jun 14, 2025

Summary

When serving files, if the requested path contains spaces or other special characters, the lookup fails because Uri.MakeRelativeUri returns a URL-encoded path (e.g. spaces become %20). The file provider expects a plain file path, not a URL-encoded one.

This PR adds a call to Uri.UnescapeDataString after MakeRelativeUri, ensuring the relative path is correctly unescaped before being used to retrieve files.

@jacob-l
Unescape relative path before accessing file provider
dfe30bc 
The relative path was URL-encoded, which caused file lookups to fail for paths containing spaces or other special characters. Unescaping the path resolves the issue.
@jacob-l jacob-l requested a review from a team as a code owner June 14, 2025 06:07
@github-actions github-actions bot added the area-blazor Includes: Blazor, Razor Components label Jun 14, 2025
@dotnet-policy-service dotnet-policy-service bot added the community-contribution Indicates that the PR has been added by a community member label Jun 14, 2025
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Thanks for your PR, @@jacob-l. Someone from the team will get assigned to your PR shortly and we'll get it reviewed.

@ilonatommy
Copy link
Member

@jacob-l thank you for your contribution. Could you, please add a test in https://github.com/dotnet/aspnetcore/blob/main/src/Components/WebView/WebView/test/StaticContentProviderTests.cs that would demonstrate the encoding failure you're describing?

@jacob-l
test: add test for serving files with whitespaces in their name
0a06110 
This test verifies that TryGetResponseContent can handle file paths containing whitespaces and serves the expected content, ensuring the URL-encoding fix works as intended.
@jacob-l
Copy link
Author

jacob-l commented Jun 16, 2025

@dotnet-policy-service agree

@jacob-l
Copy link
Author

jacob-l commented Jun 16, 2025

Thanks for your feedback and approval, @ilonatommy

@javiercn
Copy link
Member

We also need security review, as unescaping has security implications.

@javiercn javiercn added the * NO MERGE * Do not merge this PR as long as this label is present. label Jun 16, 2025
ladeak
ladeak reviewed Jun 16, 2025
View reviewed changes
src/Components/WebView/WebView/src/StaticContentProvider.cs
@@ -27,6 +27,8 @@ public bool TryGetResponseContent(string requestUri, bool allowFallbackOnHostPag
{
var relativePath = _appBaseUri.MakeRelativeUri(fileUri).ToString();

relativePath = Uri.UnescapeDataString(relativePath);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the relative path intentionally contains encoded parts, ie. %2F, this is going to decode that to a / and the file won't be found/served?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the question, @ladeak !

If the file with %2F is in the file provider, for example, "folder%2Ffile.txt", then I expect the requestUri in the method TryGetResponseContent to be like this: "https://test.domain/folder%252Ffile.txt".
In this case, the relative path before unescaping is "folder%252Ffile.txt", and after unescaping it becomes "folder%2Ffile.txt".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ladeak ladeak ladeak left review comments

@ilonatommy ilonatommy ilonatommy approved these changes

Assignees
No one assigned
Labels
area-blazor Includes: Blazor, Razor Components community-contribution Indicates that the PR has been added by a community member * NO MERGE * Do not merge this PR as long as this label is present.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jacob-l @ilonatommy @javiercn @ladeak