From 87d6da3ab3f4f84743b55c998f654855b2ece6e5 Mon Sep 17 00:00:00 2001
From: Stephanie Freitag <stephanie.freitag@holi.team>
Date: Tue, 28 Jan 2025 18:56:03 +0100
Subject: [PATCH] HOLI-10917: handle URI encoding

---
 apps/web/helpers/__tests__/coerceUUIDParams.test.ts    | 10 ++++++----
 .../helpers/__tests__/createServerSideProps.test.ts    |  2 +-
 apps/web/helpers/coerceUUIDParams.ts                   |  4 ++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/apps/web/helpers/__tests__/coerceUUIDParams.test.ts b/apps/web/helpers/__tests__/coerceUUIDParams.test.ts
index 3bd0e0402d..95abd8da88 100644
--- a/apps/web/helpers/__tests__/coerceUUIDParams.test.ts
+++ b/apps/web/helpers/__tests__/coerceUUIDParams.test.ts
@@ -5,10 +5,11 @@ describe('coerceUUIDParams', () => {
   it('should replace invalid UUID param', () => {
     const uuid = createUUID()
     const invalid = `${uuid},`
+    const url = `/path/${encodeURIComponent(invalid)}`
 
-    const url = coerceUUIDParams([invalid], `/path/${invalid}`)
+    const redirectUrl = coerceUUIDParams([invalid], url)
 
-    expect(url).toEqual(`/path/${uuid}`)
+    expect(redirectUrl).toEqual(`/path/${uuid}`)
   })
 
   it('should replace multiple invalid UUID params', () => {
@@ -16,10 +17,11 @@ describe('coerceUUIDParams', () => {
     const uuid2 = createUUID()
     const invalid1 = `${uuid1},`
     const invalid2 = `${uuid2}👀`
+    const url = `/path/${encodeURIComponent(invalid2)}/${encodeURIComponent(invalid1)}`
 
-    const url = coerceUUIDParams([invalid1, invalid2], `/path/${invalid2}/${invalid1}`)
+    const redirectUrl = coerceUUIDParams([invalid1, invalid2], url)
 
-    expect(url).toEqual(`/path/${uuid2}/${uuid1}`)
+    expect(redirectUrl).toEqual(`/path/${uuid2}/${uuid1}`)
   })
 
   it('should return undefined if all params are valid', () => {
diff --git a/apps/web/helpers/__tests__/createServerSideProps.test.ts b/apps/web/helpers/__tests__/createServerSideProps.test.ts
index 3d87a1cf0b..c1df22cfb8 100644
--- a/apps/web/helpers/__tests__/createServerSideProps.test.ts
+++ b/apps/web/helpers/__tests__/createServerSideProps.test.ts
@@ -266,7 +266,7 @@ describe('createServerSideProps', () => {
     const uuid2 = createUUID()
     const param1 = `${uuid1},`
     const param2 = `${uuid2}👀`
-    const url = `/path/${param1}/${param2}`
+    const url = `/path/${encodeURIComponent(param1)}/${encodeURIComponent(param2)}`
     const expectedUrl = `/path/${uuid1}/${uuid2}`
 
     // @ts-ignore
diff --git a/apps/web/helpers/coerceUUIDParams.ts b/apps/web/helpers/coerceUUIDParams.ts
index 681ddf1b82..ab9a0b7f8e 100644
--- a/apps/web/helpers/coerceUUIDParams.ts
+++ b/apps/web/helpers/coerceUUIDParams.ts
@@ -10,7 +10,7 @@ const getSingleParam = (path: string | string[] | undefined) => {
 export const coerceUUIDParams = (uuidParams: (string | string[] | undefined)[], url?: string): string | undefined => {
   const replacements = uuidParams
     .map((param) => {
-      const singleParam = getSingleParam(param)
+      const singleParam = encodeURIComponent(getSingleParam(param) || '')
       if (!singleParam) {
         return undefined
       }
@@ -26,5 +26,5 @@ export const coerceUUIDParams = (uuidParams: (string | string[] | undefined)[],
     return undefined
   }
 
-  return replacements.reduce((url, [invalid, valid]) => url?.replace(invalid, valid), url)
+  return replacements.reduce((u, [invalid, valid]) => u?.replace(invalid, valid), url)
 }
-- 
GitLab