package version page version links are not escaped correctly

Bug #973212 reported by Andy Whitcroft
This bug affects 2 people
Affects: Launchpad itself
Status: Triaged
Importance: High
Assigned to: Unassigned
Milestone: (none)

Bug Description

For an Ubuntu package there is a current versions page which shows each version in each pocket, for example:

    https://launchpad.net/ubuntu/+source/pulseaudio

In this page the version specific links, those to the right of the 'expander' arrow, are relative links to the version specific sub-page, in this example something like:

          <a href="1:1.1-0ubuntu14">
            <img src="/@@/package-source" />
            1:1.1-0ubuntu14
          </a>

Where this version has an epoch, as pulseaudio does, this is formatted with a raw colon. This is ambiguously either a relative URL or a URL using the protocol '1'. (This is displayed correctly in Firefox but not in Chromium.)

Looking at the URI spec (http://www.ietf.org/rfc/rfc2396.txt), there seems to be nothing to prevent Chromium's interpretation of the link being valid, as for an unknown scheme we cannot rely on anything other than the colon:

   The URI syntax is dependent upon the scheme. In general, absolute
   URI are written as follows:

      <scheme>:<scheme-specific-part>

It therefore seems appropriate that we either confirm this as a relative URL with a "./" prefix, or probably more correctly encode the ":" as a % escape (I think %3A).

Analysis
========

We should escape the first segment correctly, or use the ./ hack Andy suggests. Whoever looks at the code to see how we are generating the links can decide what makes the most sense.
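
The two fixes named in this report, side by side, as an added example that is not part of the original report and not Launchpad's own code. The function names are hypothetical, and the base URL with a trailing slash is an assumption made so that the relative links resolve beneath the package page.

```python
import re
from urllib.parse import quote, urljoin

# rel_segment from RFC 2396 section 5: unreserved characters, %XX escapes,
# and ; @ & = + $ ,   The colon is not in this set.
_SAFE = "-_.!~*'();@&=+$,"
_REL_SEGMENT = re.compile(r"(?:[A-Za-z0-9\-_.!~*'();@&=+$,]|%[0-9A-Fa-f]{2})+\Z")

# Assumed base (trailing slash added to the example URL in the report).
BASE = "https://launchpad.net/ubuntu/+source/pulseaudio/"


def first_segment_ok(href):
    """True if the first segment of a relative href matches rel_segment."""
    first = href.split("?", 1)[0].split("/", 1)[0]
    return bool(_REL_SEGMENT.match(first))


def escape_first_segment(version):
    """Fix 1: percent-encode anything outside rel_segment (':' -> %3A)."""
    return quote(version, safe=_SAFE)


def dot_prefix(version):
    """Fix 2: prefix './' so the first segment is '.'; a colon is legal in
    later segments, so it may stay raw there."""
    return "./" + quote(version, safe=_SAFE + ":")


def build_links(version):
    """Return (href, grammar_ok, resolved_url) for raw and fixed forms."""
    forms = {
        "raw": version,
        "escaped": escape_first_segment(version),
        "dot": dot_prefix(version),
    }
    return {
        name: (href, first_segment_ok(href), urljoin(BASE, href))
        for name, href in forms.items()
        if name != "raw" or first_segment_ok(href)  # never resolve a bad href
    } | {"raw_ok": first_segment_ok(version)}


if __name__ == "__main__":
    # Constructed input: the epoch version quoted in the report.
    for key, value in build_links("1:1.1-0ubuntu14").items():
        print(key, value)
```

Both fixed forms resolve to the same resource once the server decodes `%3A`; the raw form is rejected by the grammar check before any browser has to guess.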

Robert Collins (lifeless) wrote :

Thanks for the report; section 5 of the standard covers relative references:

      relativeURI = ( net_path | abs_path | rel_path ) [ "?" query ]

..
   A relative reference that does not begin with a scheme name or a
   slash character is termed a relative-path reference.

      rel_path = rel_segment [ abs_path ]

      rel_segment = 1*( unreserved | escaped |
                          ";" | "@" | "&" | "=" | "+" | "$" | "," )

that is, the rules for relative references are *different* to the rules for arbitrary path segments, and our url generator is getting that wrong. Chromium's behaviour is fine.

Changed in launchpad:
status: New → Triaged
importance: Undecided → High
summary: - package version page version links are relative and contain a : which is
- parsed as a protocol specifier in chromium
+ package version page version links are not escaped correctly
description: updated
Manfred Hampl (m-hampl) wrote :

Microsoft Internet Explorer 8 also does not open the page that the link is supposed to point to (apparently does the same interpretation of <scheme>:<scheme-specific-part> with the epoch number being taken for a scheme).

In the top page of each page, the link beneath "Latest upload:" does work well, because it is provided with full path href="/ubuntu/+source/...
