Skip to content

Unescape relative path before file lookup to fix space-in-filename issue #62349

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jacob-l wants to merge 2 commits into
base: main
Choose a base branch
from
+34 −0
Open

Unescape relative path before file lookup to fix space-in-filename issue #62349

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
dfe30bc
Unescape relative path before accessing file provider
jacob-l Jun 14, 2025
0a06110
test: add test for serving files with whitespaces in their name
jacob-l Jun 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions src/Components/WebView/WebView/src/StaticContentProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ public bool TryGetResponseContent(string requestUri, bool allowFallbackOnHostPag
{
var relativePath = _appBaseUri.MakeRelativeUri(fileUri).ToString();

relativePath = Uri.UnescapeDataString(relativePath);

@ladeak ladeak Jun 16, 2025

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the relative path intentionally contains encoded parts, ie. %2F, this is going to decode that to a / and the file won't be found/served?

@jacob-l jacob-l Jun 17, 2025

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the question, @ladeak !

If the file with %2F is in the file provider, for example, "folder%2Ffile.txt", then I expect the requestUri in the method TryGetResponseContent to be like this: "https://test.domain/folder%252Ffile.txt".
In this case, the relative path before unescaping is "folder%252Ffile.txt", and after unescaping it becomes "folder%2Ffile.txt".

@javiercn javiercn Jan 20, 2026

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think this is the right place to do this. If we are going to do something like this, we should to it to the entire URL and do it before the _appBaseUri.IsBaseOf call. I think the same concerns that we have in Kestrel apply here with regards to certain charcters like /


// Content in the file provider takes first priority
// Next we may fall back on supplying the host page to support deep linking
// If there's no match, fall back on serving embedded framework content
Expand Down
32 changes: 32 additions & 0 deletions src/Components/WebView/WebView/test/StaticContentProviderTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,38 @@ public void TryGetResponseContentReturnsCorrectContentTypeForNonPhysicalFile()
Assert.Equal("text/css", contentTypeValue);
}

[Fact]
public void TryGetResponseContentCanHandleWhitespaceInFileName()
{
// Arrange
const string cssFilePath = "file with whitespace.css";
const string cssFileContent = "this is css";
var inMemoryFileProvider = new InMemoryFileProvider(
new Dictionary<string, string>
{
{ cssFilePath, cssFileContent },
});
var appBase = "fake://0.0.0.0/";
var scp = new StaticContentProvider(inMemoryFileProvider, new Uri(appBase), "fakehost.html");

// Act
Assert.True(scp.TryGetResponseContent(
requestUri: appBase + Uri.EscapeDataString(cssFilePath),
allowFallbackOnHostPage: false,
out var statusCode,
out var statusMessage,
out var content,
out var headers));

// Assert
var contentString = new StreamReader(content).ReadToEnd();
Assert.Equal(200, statusCode);
Assert.Equal("OK", statusMessage);
Assert.Equal("this is css", contentString);
Assert.True(headers.TryGetValue("Content-Type", out var contentTypeValue));
Assert.Equal("text/css", contentTypeValue);
}

private sealed class InMemoryFileProvider : IFileProvider
{
public InMemoryFileProvider(IDictionary<string, string> filePathsAndContents)
Expand Down
Loading