andreas/ocaml-graphql-server

Backslash-escaped (\) characters in inline input strings aren't unescaped


donut commented

If I run this query in GraphiQL

# Inline (literal) string argument: the GraphQL lexer is expected to unescape
# the `\"` before the value reaches the resolver; here it arrives as `test\"`.
query {
  goomba(alias: "test\"") {
    # NOTE(review): `id: ID!` reads like a type annotation rather than a
    # field selection — confirm the exact query before reproducing.
    id: ID!
  }
}

the value passed to the resolve function is exactly test\" — the backslash is still present. However, if I change the query to

# Same selection, but the argument is supplied through the `$input` variable
# from the JSON variables object; the reporter observes it arriving as `test"`.
query GoombaQuery($input:String!) {
  goomba(alias: $input) {
    id: ID!
  }
}

with the variables

{ "input": "test\"" }

the quotation mark is unescaped as expected and the resolver receives test" — presumably because variable values are decoded by the JSON parser, whereas an inline literal goes through the GraphQL lexer.

Thanks for reporting this, @donut. Could I ask you to share the HTTP POST request made by GraphiQL? I just want to make sure there is no additional layer of escaping involved.

donut commented


Curl:

# Reproduction of the GraphiQL request, replayed with curl against a local server.
# The body uses bash ANSI-C quoting ($'...'), which rewrites `\\` to `\` before
# curl sees it, so the JSON actually sent contains `\"harry\\\"\"` — i.e. the
# GraphQL string literal "harry\"" (this matches the HAR postData text below).
curl -X "POST" "http://localhost:8080/graphql" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d $'{
  "query": "query {\\n  url(alias: \\"harry\\\\\\"\\") {\\n    error { code, message }\\n    url {\\n      id\\n    }\\n  }\\n}"
}'

HAR from Chrome:

{
  "log": {
    "version": "1.2",
    "creator": {
      "name": "WebInspector",
      "version": "537.36"
    },
    "pages": [
      {
        "startedDateTime": "2017-10-24T16:49:21.975Z",
        "id": "page_1",
        "title": "http://localhost:8080/graphql?query=%23%20Welcome%20to%20GraphiQL%0A%23%0A%23%20GraphiQL%20is%20an%20in-browser%20IDE%20for%20writing%2C%20validating%2C%20and%0A%23%20testing%20GraphQL%20queries.%0A%23%0A%23%20Type%20queries%20into%20this%20side%20of%20the%20screen%2C%20and%20you%20will%0A%23%20see%20intelligent%20typeaheads%20aware%20of%20the%20current%20GraphQL%20type%20schema%20and%0A%23%20live%20syntax%20and%20validation%20errors%20highlighted%20within%20the%20text.%0A%23%0A%23%20To%20bring%20up%20the%20auto-complete%20at%20any%20point%2C%20just%20press%20Ctrl-Space.%0A%23%0A%23%20Press%20the%20run%20button%20above%2C%20or%20Cmd-Enter%20to%20execute%20the%20query%2C%20and%20the%20result%0A%23%20will%20appear%20in%20the%20pane%20to%20the%20right.%0A%0Aquery%20%7B%0A%20%20url(alias%3A%20%22harry%5C%22%22)%20%7B%0A%20%20%20%20error%20%7B%20code%2C%20message%20%7D%0A%20%20%20%20url%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%7D%0A%20%20%7D%0A%7D&operationName=undefined&variables=",
        "pageTimings": {
          "onContentLoad": 372.32399999629706,
          "onLoad": 371.5449999726843
        }
      }
    ],
    "entries": [
      {
        "startedDateTime": "2017-10-24T16:50:40.858Z",
        "time": 2.934594996855594,
        "request": {
          "method": "POST",
          "url": "http://localhost:8080/graphql?query=query%20%7B%0A%20%20url(alias%3A%20%22harry%5C%22%22)%20%7B%0A%20%20%20%20error%20%7B%20code%2C%20message%20%7D%0A%20%20%20%20url%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%7D%0A%20%20%7D%0A%7D&operationName=undefined&variables=",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Pragma",
              "value": "no-cache"
            },
            {
              "name": "Origin",
              "value": "http://localhost:8080"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Host",
              "value": "localhost:8080"
            },
            {
              "name": "Accept-Language",
              "value": "en-US,en;q=0.9"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"
            },
            {
              "name": "Content-Type",
              "value": "application/json"
            },
            {
              "name": "Accept",
              "value": "application/json"
            },
            {
              "name": "Cache-Control",
              "value": "no-cache"
            },
            {
              "name": "Referer",
              "value": "http://localhost:8080/graphql?query=query%20%7B%0A%20%20url(alias%3A%20%22harry%5C%22%22)%20%7B%0A%20%20%20%20error%20%7B%20code%2C%20message%20%7D%0A%20%20%20%20url%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%7D%0A%20%20%7D%0A%7D&operationName=undefined&variables="
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Content-Length",
              "value": "132"
            }
          ],
          "queryString": [
            {
              "name": "query",
              "value": "query%20%7B%0A%20%20url(alias%3A%20%22harry%5C%22%22)%20%7B%0A%20%20%20%20error%20%7B%20code%2C%20message%20%7D%0A%20%20%20%20url%20%7B%0A%20%20%20%20%20%20id%0A%20%20%20%20%7D%0A%20%20%7D%0A%7D"
            },
            {
              "name": "operationName",
              "value": "undefined"
            },
            {
              "name": "variables",
              "value": ""
            }
          ],
          "cookies": [],
          "headersSize": 938,
          "bodySize": 132,
          "postData": {
            "mimeType": "application/json",
            "text": "{\"query\":\"query {\\n  url(alias: \\\"harry\\\\\\\"\\\") {\\n    error { code, message }\\n    url {\\n      id\\n    }\\n  }\\n}\",\"variables\":null}"
          }
        },
        "response": {
          "status": 200,
          "statusText": "OK",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "content-length",
              "value": "42"
            }
          ],
          "cookies": [],
          "content": {
            "size": 42,
            "mimeType": "text/plain",
            "compression": 0
          },
          "redirectURL": "",
          "headersSize": 39,
          "bodySize": 42,
          "_transferSize": 81
        },
        "cache": {},
        "timings": {
          "blocked": 0.437595009687357,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0.07499998901039306,
          "wait": 0.8650000090710821,
          "receive": 3.556999989086762,
          "_blocked_queueing": 0.5949999904260039
        },
        "serverIPAddress": "127.0.0.1",
        "connection": "332",
        "pageref": "page_1"
      }
    ]
  }
}