Unplanned
Last Updated: 23 Apr 2020 08:03 by ADMIN
Werner
Created on: 22 Apr 2020 14:24
Category: Upload
Type: Bug Report
2
File names are HTML encoded upon selection and show up wrongly in the list
The file info passed in UploadSuccessEventArgs to the event contains HTML entities

e.g. for the file "Golf & Country Club.png" the file info name is "Golf & Country Club"  which leads to an exception.
2 comments
ADMIN
Marin Bratanov
Posted on: 23 Apr 2020 08:03

A status update - the HTML encoding is expected, I had missed a line in the code that does it, and it is now documented (commit and article where the update was made).

As for the Upload UI issue - this will require further research to make there isn't a vulnerability exposed through this. This is what this item will track. The file name will keep being encoded.

 

Regards,
Marin Bratanov
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
ADMIN
Marin Bratanov
Posted on: 22 Apr 2020 14:34

While this is reviewed, you can decode the file names in the component event handlers in case the HTML entities are a problem.

The file name is correct in the controller (meaning - there are no HTML entities in it), and with the code below there is only a small visual glitch in the specific file names in the Upload component itself. A screenshot is attached below that illustrates the results.

 

@inject NavigationManager NavigationManager

<TelerikUpload SaveUrl="@SaveUrl" RemoveUrl="@RemoveUrl"
               OnSuccess="@OnSuccessHandler"
                OnSelect="@OnSelectHandler"/>

@code {
    // one way to define relative paths, put the desired URL here
    // can be a full URL such as https://mydomain/myendpoint/save
    public string SaveUrl => ToAbsoluteUrl("api/upload/save");
    public string RemoveUrl => ToAbsoluteUrl("api/upload/remove");

    public string ToAbsoluteUrl(string url)
    {
        return $"{NavigationManager.BaseUri}{url}";
    }

    async Task OnSuccessHandler(UploadSuccessEventArgs e)
    {
        var actionText = e.Operation == UploadOperationType.Upload ? "uploaded" : "removed";

        foreach (var file in e.Files)
        {
            string decodedFileName = System.Net.WebUtility.HtmlDecode(file.Name);
            Console.WriteLine($"The file {decodedFileName} has been {actionText} successfully");
        }
    }

    async Task OnSelectHandler(UploadSelectEventArgs e)
    {
        // the file name is encoded here already

        foreach (var item in e.Files)
        {
            string decodedFileName = System.Net.WebUtility.HtmlDecode(item.Name);
            Console.WriteLine($"OnSelect: {decodedFileName}");
        }
    }
}

 

 

Regards,
Marin Bratanov
Progress Telerik

Progress is here for your business, like always. Read more about the measures we are taking to ensure business continuity and help fight the COVID-19 pandemic.
Our thoughts here at Progress are with those affected by the outbreak.
Attached Files: