Skip to content

fix: preserve unreserved path ID characters#867

Open
zerone0x wants to merge 1 commit into
googleworkspace:mainfrom
zerone0x:fix/issue-842-script-id-encoding-v2
Open

fix: preserve unreserved path ID characters#867
zerone0x wants to merge 1 commit into
googleworkspace:mainfrom
zerone0x:fix/issue-842-script-id-encoding-v2

Conversation

@zerone0x

@zerone0x zerone0x commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Summary

Fixes #842

Preserve RFC 3986 unreserved characters in path parameter encoding so Apps Script IDs containing - and _ stay valid in script scripts run URLs.

Changes

  • Replace the overly strict NON_ALPHANUMERIC encode set with a path-segment encode set that leaves -, ., _, and ~ intact.
  • Keep URL-structure characters such as /, ?, #, %, @, and = percent-encoded.
  • Add a regression test using the scriptId shape from the issue.

Test Plan

  • cargo fmt -- --check
  • cargo test -q validate::tests::test_encode_path_segment_preserves_unreserved_script_id (blocked in this environment: linker cc is not installed, so Rust build scripts for dependencies fail before tests compile)
  • cargo test -q (same linker blocker)

Fixes googleworkspace#842

Co-Authored-By: bridge <bridge@nousresearch.com>
@changeset-bot

changeset-bot Bot commented Jul 5, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 20de762

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request modifies the URL path segment encoding logic to correctly handle Apps Script IDs. By switching from a strict non-alphanumeric encoding set to one that respects RFC 3986 unreserved characters, the changes ensure that IDs containing hyphens and underscores are not unnecessarily percent-encoded, preventing potential issues with generated API URLs.

Highlights

  • URL Encoding Logic: Updated the encode_path_segment function to use a custom AsciiSet that preserves RFC 3986 unreserved characters (-, ., _, ~) instead of encoding all non-alphanumeric characters.
  • Regression Testing: Added a new test case to verify that Apps Script IDs containing special characters like hyphens and underscores remain unencoded, ensuring compatibility with script execution URLs.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Generative AI Prohibited Use Policy, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@google-cla

google-cla Bot commented Jul 5, 2026

Copy link
Copy Markdown

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates encode_path_segment to preserve RFC 3986 unreserved characters (-, ., _, ~) during percent-encoding. Feedback suggests defining the encode set by starting from NON_ALPHANUMERIC and removing the unreserved characters, rather than manually building it from CONTROLS. This prevents other characters like ! or & from being left unencoded, which could lead to unexpected behavior.

Comment on lines +280 to +304
use percent_encoding::{utf8_percent_encode, AsciiSet, CONTROLS};

const PATH_SEGMENT_ENCODE_SET: &AsciiSet = &CONTROLS
.add(b' ')
.add(b'"')
.add(b'#')
.add(b'%')
.add(b'<')
.add(b'>')
.add(b'?')
.add(b'`')
.add(b'{')
.add(b'}')
.add(b'/')
.add(b':')
.add(b';')
.add(b'=')
.add(b'@')
.add(b'[')
.add(b'\\')
.add(b']')
.add(b'^')
.add(b'|');

utf8_percent_encode(s, PATH_SEGMENT_ENCODE_SET).to_string()

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

By manually constructing PATH_SEGMENT_ENCODE_SET starting from CONTROLS and adding specific characters, several characters that were previously encoded by NON_ALPHANUMERIC (such as !, $, &, ', (, ), *, +, ,) are now left unencoded. This could lead to unexpected behavior or bugs if a path segment contains these characters (for example, + might be decoded to a space by some servers, or & could be misinterpreted as a query parameter separator).

Instead, we can define PATH_SEGMENT_ENCODE_SET by starting from NON_ALPHANUMERIC and removing the RFC 3986 unreserved characters (-, ., _, ~). This is much cleaner, less error-prone, and ensures all other non-alphanumeric characters remain safely encoded.

Suggested change
use percent_encoding::{utf8_percent_encode, AsciiSet, CONTROLS};
const PATH_SEGMENT_ENCODE_SET: &AsciiSet = &CONTROLS
.add(b' ')
.add(b'"')
.add(b'#')
.add(b'%')
.add(b'<')
.add(b'>')
.add(b'?')
.add(b'`')
.add(b'{')
.add(b'}')
.add(b'/')
.add(b':')
.add(b';')
.add(b'=')
.add(b'@')
.add(b'[')
.add(b'\\')
.add(b']')
.add(b'^')
.add(b'|');
utf8_percent_encode(s, PATH_SEGMENT_ENCODE_SET).to_string()
use percent_encoding::{utf8_percent_encode, AsciiSet, NON_ALPHANUMERIC};
const PATH_SEGMENT_ENCODE_SET: &AsciiSet = &NON_ALPHANUMERIC
.remove(b'-')
.remove(b'.')
.remove(b'_')
.remove(b'~');
utf8_percent_encode(s, PATH_SEGMENT_ENCODE_SET).to_string()

shigechika added a commit to shigechika/gws-mcp that referenced this pull request Jul 6, 2026
build_create_template_url embeds template_id into a query string via
raw format!(), not a .query() builder. encode_path_segment (this PR's
prior commit) deliberately leaves & and + unencoded since both are
legal in a bare path segment — but neither is safe in a query string:
an unencoded & splits the value into two parameters (silently
truncating the intended template_id), and + is commonly decoded
server-side as a space.

validate_resource_name (which template_id passes through first) does
not reject & or +, so this was reachable from --template-id input.
Confirmed by compiling and running url::Url::parse against the actual
encode set before this fix.

Add a fork-local encode_query_value in modelarmor.rs rather than
reusing/exporting validate::encode_path_segment's encode set, so that
function can stay a byte-for-byte match with the upstream fix (googleworkspace#867)
it backports.
shigechika added a commit to shigechika/gws-mcp that referenced this pull request Jul 6, 2026
encode_path_segment percent-encoded every non-alphanumeric character,
including RFC 3986 unreserved characters (-, ., _, ~). This mangled
IDs that legitimately contain them — most visibly Apps Script scriptIds
(base64url-derived, so - and _ are common), producing a URL the Apps
Script Execution API rejects with 404 (upstream googleworkspace#842,
fix already open upstream as PR googleworkspace#867 — this backports the identical
encode set so a future upstream merge stays conflict-free).

Switch from an allowlist (NON_ALPHANUMERIC) to a denylist covering only
characters that can alter URL structure (space, control chars, #, %, /,
:, ?, etc.) — unreserved characters now pass through untouched.

This also fixes a latent bug in the fork's own modelarmor helper: it was
sending region names like "us-central1" as "us%2Dcentral1", which is the
same failure mode as googleworkspace#842.

Updates existing tests whose expectations encoded the old (wrong)
behavior: the path-traversal test now checks the real invariant (`/` is
encoded, so `..` can't reintroduce a path separator) instead of asserting
`..` disappears — `.` is unreserved and intentionally stays visible.
shigechika added a commit to shigechika/gws-mcp that referenced this pull request Jul 6, 2026
build_create_template_url embeds template_id into a query string via
raw format!(), not a .query() builder. encode_path_segment (this PR's
prior commit) deliberately leaves & and + unencoded since both are
legal in a bare path segment — but neither is safe in a query string:
an unencoded & splits the value into two parameters (silently
truncating the intended template_id), and + is commonly decoded
server-side as a space.

validate_resource_name (which template_id passes through first) does
not reject & or +, so this was reachable from --template-id input.
Confirmed by compiling and running url::Url::parse against the actual
encode set before this fix.

Add a fork-local encode_query_value in modelarmor.rs rather than
reusing/exporting validate::encode_path_segment's encode set, so that
function can stay a byte-for-byte match with the upstream fix (googleworkspace#867)
it backports.
shigechika added a commit to shigechika/gws-mcp that referenced this pull request Jul 6, 2026
)

* fix: preserve RFC 3986 unreserved characters in encode_path_segment

encode_path_segment percent-encoded every non-alphanumeric character,
including RFC 3986 unreserved characters (-, ., _, ~). This mangled
IDs that legitimately contain them — most visibly Apps Script scriptIds
(base64url-derived, so - and _ are common), producing a URL the Apps
Script Execution API rejects with 404 (upstream googleworkspace#842,
fix already open upstream as PR googleworkspace#867 — this backports the identical
encode set so a future upstream merge stays conflict-free).

Switch from an allowlist (NON_ALPHANUMERIC) to a denylist covering only
characters that can alter URL structure (space, control chars, #, %, /,
:, ?, etc.) — unreserved characters now pass through untouched.

This also fixes a latent bug in the fork's own modelarmor helper: it was
sending region names like "us-central1" as "us%2Dcentral1", which is the
same failure mode as googleworkspace#842.

Updates existing tests whose expectations encoded the old (wrong)
behavior: the path-traversal test now checks the real invariant (`/` is
encoded, so `..` can't reintroduce a path separator) instead of asserting
`..` disappears — `.` is unreserved and intentionally stays visible.

* fix: encode & and + in modelarmor create-template query value

build_create_template_url embeds template_id into a query string via
raw format!(), not a .query() builder. encode_path_segment (this PR's
prior commit) deliberately leaves & and + unencoded since both are
legal in a bare path segment — but neither is safe in a query string:
an unencoded & splits the value into two parameters (silently
truncating the intended template_id), and + is commonly decoded
server-side as a space.

validate_resource_name (which template_id passes through first) does
not reject & or +, so this was reachable from --template-id input.
Confirmed by compiling and running url::Url::parse against the actual
encode set before this fix.

Add a fork-local encode_query_value in modelarmor.rs rather than
reusing/exporting validate::encode_path_segment's encode set, so that
function can stay a byte-for-byte match with the upstream fix (googleworkspace#867)
it backports.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

script scripts run percent-encodes unreserved characters in scriptId path parameter, causing 404

2 participants