Skip to content

Encode server action URLs safely and fix GraphArea lint return path#340

Merged
pradeeban merged 3 commits intoControlCore-Project:devfrom
Titas-Ghosh:fix/server-action-url-encoding
Feb 23, 2026
Merged

Encode server action URLs safely and fix GraphArea lint return path#340
pradeeban merged 3 commits intoControlCore-Project:devfrom
Titas-Ghosh:fix/server-action-url-encoding

Conversation

@Titas-Ghosh
Copy link

@Titas-Ghosh Titas-Ghosh commented Feb 23, 2026

Hi @pradeeban , Fixes #339

This PR makes our server action requests much more robust by properly encoding dynamic URL segments and query parameters. It also includes a tiny linting fix to keep the build perfectly green.

What was the problem?

Previously, server action URLs were built using raw string concatenation. This meant that if a user had spaces, &, ?, or newlines in their workflow, folder, or library names, it would result in malformed requests that could break the application.

How i fixed it

  • 6-server.js (The core fix):

    • i Switched to URLSearchParams to safely build query strings for the build(), clear(), and library() actions.
    • Wrapped dynamic path segments in encodeURIComponent() across the board (build, debug, run, clear, stop, destroy, and library).
    • Note: The existing guard behavior for a missing fileName (getCurrentGraphName() path) was preserved exactly as is.

  • GraphArea.jsx (Linting cleanup):

    • Fixed a useEffect return path to satisfy the consistent-return lint rule (ensuring the cleanup function always returns). There is absolutely no change to runtime behavior here; it just keeps the linter happy!

Validation

  • Manual UI Testing: Verified via the DevTools Network tab that spaces, newlines, and special characters are now properly encoded in the outgoing requests.
  • Build: npm run build completes successfully with these changes.

Let me know if you'd like any adjustments
Thanks!

@Titas-Ghosh Titas-Ghosh changed the title Fix/server action url encoding Encode server action URLs safely and fix GraphArea lint return path Feb 23, 2026
@Titas-Ghosh Titas-Ghosh mentioned this pull request Feb 23, 2026
Closed
@pradeeban
Copy link
Member

pradeeban commented Feb 23, 2026

Such special characters are unlikely in practice. So, we did not bother with this. But the PR looks harmless and fixes something that might happen at some point. So, merging.

@pradeeban pradeeban merged commit 3d52392 into ControlCore-Project:dev Feb 23, 2026
1 check passed
@Titas-Ghosh
Copy link
Author

Titas-Ghosh commented Feb 24, 2026

Thanks for merging this, @pradeeban,
I completely agree that it's a rare edge case, but i figured it might be a nice safety first improvement to have in the codebase just in case....also apologies for the delayed response, actually i was a bit caught up with internal exams this week. Glad to see this is in, looking forward to being more active from now on.....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Titas-Ghosh @pradeeban