issue_comments: 900690998

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/1438#issuecomment-900690998 https://api.github.com/repos/simonw/datasette/issues/1438 900690998 IC_kwDOBm6k_c41r3Q2 9599 2021-08-17T23:11:16Z 2021-08-17T23:12:25Z OWNER

I have completely failed to replicate this initial bug - but it's still there on the thesession.vercel.app deployment (even though my own deployments to Vercel do not exhibit it). Here's a one-liner to replicate it against that deployment:

curl -s 'https://thesession.vercel.app/thesession?sql=select+*+from+tunes+where+name+like+%22%25wise+maid%25%22' | rg '.csv'

Whit outputs this:

<p class="export-links">This data as <a href="/thesession.json?sql=select * from tunes where name like "%wise maid%"">json</a>, <a href="/thesession.csv?sql=select * from tunes where name like "%wise maid%"&_size=max">CSV</a></p>

It looks like, rather than being URL-encoded, the original query string is somehow making it through to Jinja and then being auto-escaped there.

The weird thing is that the equivalent query executed against my til.simonwillison.net Vercel instance does this:

curl -s 'https://til.simonwillison.net/fixtures?sql=select+*+from+searchable+where+text1+like+%22%25a%25%22' | rg '.csv'

<p class="export-links">This data as <a href="/fixtures.json?sql=select%20*%20from%20searchable%20where%20text1%20like%20%22%25a%25%22">json</a>, <a href="/fixtures.csv?sql=select%20*%20from%20searchable%20where%20text1%20like%20%22%25a%25%22&_size=max">CSV</a></p>

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 972918533