Skip to content

URL Parsing Error Due to Newline Character Inclusion #13490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
welkinwong opened this issue Apr 29, 2025 · 5 comments · May be fixed by #13643
Open

URL Parsing Error Due to Newline Character Inclusion #13490

welkinwong opened this issue Apr 29, 2025 · 5 comments · May be fixed by #13643
Labels
bug feat:router pkg:react-router

Comments

@welkinwong
Copy link

I'm using React Router as a...

library

Reproduction

When a URL contains a newline character (either as %0a), the system throws an error but fails to properly handle it in the routing layer.

example:
https://reactrouter.com/home/%0a

Image

System Info

System:
    OS: macOS 15.4.1
    CPU: (10) arm64 Apple M2 Pro
    Memory: 104.27 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 23.10.0 - /opt/homebrew/opt/node/bin/node
    npm: 10.9.2 - /opt/homebrew/opt/node/bin/npm
    pnpm: 10.5.2 - /opt/homebrew/bin/pnpm
  Browsers:
    Chrome: 135.0.7049.115
    Safari: 18.4
  npmPackages:
    react-router: ^7.5.3 => 7.5.3

Used Package Manager

npm

Expected Behavior

Caught by wildcard route (for 404 pages)

Actual Behavior

throws a server error
@welkinwong welkinwong added the bug label Apr 29, 2025
@timdorr
Copy link
Member

timdorr commented Apr 29, 2025

I'm getting this as an Error: No route matches URL "/%0a" when I try this locally. That is coming through as a server error, so it displays that generic one in production mode.

@welkinwong
Copy link
Author

@timdorr Yes, but normally it should be captured by the '*' wildcard, leading to a 404 page.

like this:

Image

@timdorr
Copy link
Member

timdorr commented Apr 30, 2025

I know, I'm just giving more context than the obfuscated error on the reactrouter.com site.

@rururux
Copy link

rururux commented May 20, 2025

Maybe this is the part that is causing the problem.

Image

@rururux
Copy link

rururux commented May 20, 2025

It seems that this can be fixed by adding the s (single line) flag to the regular expression created by compilePath(), but is there any possibility that adding the s flag will have some side effects?

rururux added a commit to rururux/react-router that referenced this issue May 20, 2025
@rururux
fix regex handling for URLs containing newline characters (%0A) (remi…
5de1622 
…x-run#13490)
@MichaelDeBoey MichaelDeBoey linked a pull request May 20, 2025 that will close this issue
fix(react-router): fix regex handling for URLs containing newline characters #13643
Open
rururux added a commit to rururux/react-router that referenced this issue May 26, 2025
@rururux
fix regex handling for URLs containing newline characters (%0A) (remi…
8783751 
…x-run#13490)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug feat:router pkg:react-router
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(react-router): fix regex handling for URLs containing newline characters rururux/react-router
4 participants
@timdorr @brophdawg11 @rururux @welkinwong