/users?filter={"where": {"name": {"like": "%ad%"} }} does not work on LB4

[iury123]

Steps to reproduce

Current Behavior

Expected Behavior

Link to reproduction sandbox

Additional information

Related Issues

See Reporting Issues for more tips on writing good issues

[iury123]

/users?filter={"where": {"name": {"like": "%ad%"} }} does not work because %ad% is an unknown character when the url is decoded. If I provide anything else such as %Jo%, it works. Only %ad% is not working. Can anybody help me to figure out the solution for it? I am working on loopback 4.

[jannyHou]

reproduced the error, looking. words that begin with the first few letters(abcdef) are failing too.
thrown from the parseJson function

[iury123]

@jannyHou Try users?filter={"where": {"name": {"like": "%25admin%25"} }}. It has worked here.

[jannyHou]

@iury123 👍

Looks like JSON.parse() cannot parse encoded query string, like "%7B%22where%22:%20%7B%22name%22:%20%7B%22like%22:%20%22%ad%25%22%7D%20%7D%7D".
Tried other parsers like 'query-string' and
querystring, they are able to decode the string.

For query like /users?filter={"where": {"name": {"like": "%ad%"} }} , when the request comes in, the filter in query is encoded from the beginning before parsing happens.
But for normal queries like /users?filter={"where": {"name": {"like": "%25admin%25"} }} the filter query string is a decoded one "{"where": {"name": {"like": "%admin%"} }}"

I am not sure why there is a difference, due to the limit of #3770 I tried the endpoints with postman. Should we switch to other parsers like querystring in @loopback/rest?

cc @strongloop/loopback-maintainers thought?

[hacksparrow]

Whatever is parsing %admin% is reading the first three characters and interpreting it as the unprintable character represented by AD in hexadecimal (let's use ▪︎ to represent it), so the string becomes ▪︎min% from %admin%.

I don't think we should change the parser. Interpreting encoding and intend is a very complex task, we never know what new problems a new parser might introduce. Let's keep the current one but make the instructions clear: Kindly encode all special characters, like how @iury123 has done {"where": {"name": {"like": "%25admin%25"} }}.

words that begin with the first few letters(abcdef) are failing too.

They belong to the hexadecimal set, that's why. %jon%, %zebra, etc., will work because there is no confusion whether the input should be read as hex or not.

[bajtos]

You need to url-encode values in the query string. This is usually done for you automatically when using tools like request or creating the query string via url.format.

Here are the instructions for creating the URL manually:

1. Convert your filter object to JSON via JSON.stringify
2. Call encodeURIComponent to escape any special characters
3. Add the value to your query string.

const filter = {where: {name: {like: '%ad%'}}};
const search = `filter=${encodeURIComponent(JSON.stringify(filter))}`;
const url = `http://localhost:3000/products?${search}`;