Merge pull request #3760 from hashicorp/ui-updates

Updates the web UI to escape invalid characters in keys.
2017-12-20 13:47:20 -08:00 · 2017-12-20 13:47:20 -08:00 · 0bb4b9a9ea
parent 05a83fb5d5 d0cb33e33f
commit 0bb4b9a9ea
4 changed files with 50 additions and 33 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -6,6 +6,8 @@ IMPROVEMENTS:

 BUG FIXES:

+* ui: Added a URI escape around key/value keys so that it's not possible to create unexpected partial key names when entering characters like `?` inside a key. [GH-3760]
+
 ## 1.0.2 (December 15, 2017)

 IMPROVEMENTS:
--- a/agent/bindata_assetfs.go
+++ b/agent/bindata_assetfs.go
--- a/agent/consul/server_oss.go
+++ b/agent/consul/server_oss.go
@ -12,4 +12,4 @@ func init() {
 	registerEndpoint(func(s *Server) interface{} { return &Session{s} })
 	registerEndpoint(func(s *Server) interface{} { return &Status{s} })
 	registerEndpoint(func(s *Server) interface{} { return &Txn{s} })
-}
+}
--- a/ui/javascripts/app/models.js
+++ b/ui/javascripts/app/models.js
@ -132,6 +132,21 @@ App.Key = Ember.Object.extend(Ember.Validations.Mixin, {
  // Boolean if the value is valid
  valueValid: Ember.computed.empty('errors.Value'),

+// Escape any user-entered parts that aren't URL-safe, but put slashes back since
+// they are common in keys, and the UI lets users make "folders" by simply adding
+// them to keys.
+  Key: function(key, value) {
+    // setter
+    if (arguments.length > 1) {
+      clean = encodeURIComponent(decodeURIComponent(value)).replace(/%2F/g, "/")
+      this.set('cleanKey', clean);
+      return clean;
+    }
+
+    // getter
+    return this.get('cleanKey')
+  }.property('Key'),
+
  // The key with the parent removed.
  // This is only for display purposes, and used for
  // showing the key name inside of a nested key.