[SECURITY] MEDIUM: Insufficient URL encoding on --search parameter #6

Closed
opened 2026-03-25 10:38:26 +01:00 by shoko (Owner) · 0 comments

## Severity: MEDIUM

The `--search` argument is only sanitized with `.replace(' ', '%20')`. Other URL-sensitive characters (`#`, `?`, `&`, `%`, `+`, etc.) are not properly URL-encoded.

## Location

`scripts/browse.py` line 39 (`fetch_page()`)

## Attack Scenario

```bash
--search "Team#A"  -> URL becomes ?q=Team#A&limit=50...
# Everything after # is treated as URL fragment, not part of the query
```

## Recommended Fix

```python
from urllib.parse import quote

def fetch_page(q, page=1, ...):
    # safe='' leaves no reserved character unescaped (including '/')
    encoded_q = quote(q, safe='')
    url = (f"{base}?q={encoded_q}&limit={PAGE_SIZE}&page={page}"
           ...)
```

## Reference

See `reviews/2026-03-25.md` Section 6.4
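An added example (not part of this issue or of the project's own code) that builds the search URL both ways, with the original `.replace(' ', '%20')` and with `quote(q, safe='')`, and then parses each URL the way a receiving server would, so the lost `limit`/`page` parameters and the altered search term become visible. The base URL, `PAGE_SIZE` and the `build_url_*` / `server_view` names are assumptions standing in for the real values in `scripts/browse.py`; it also goes beyond the `#` case in the report to `&`, `+` and `%`.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Hypothetical base URL and page size; the real values live in scripts/browse.py.
BASE = "https://example.invalid/api/search"
PAGE_SIZE = 50


def build_url_naive(q: str, page: int = 1) -> str:
    """The reported behaviour: only spaces are escaped."""
    return f"{BASE}?q={q.replace(' ', '%20')}&limit={PAGE_SIZE}&page={page}"


def build_url_fixed(q: str, page: int = 1) -> str:
    """The recommended fix: percent-encode every reserved character."""
    return f"{BASE}?q={quote(q, safe='')}&limit={PAGE_SIZE}&page={page}"


def server_view(url: str) -> dict:
    """What the server sees: decoded query parameters plus the fragment.

    parse_qs decodes percent-escapes and turns '+' into a space, as a typical
    web framework does, so the returned 'q' is the effective search term.
    """
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)
    return {
        "q": params.get("q", [None])[0],
        "limit": params.get("limit", [None])[0],
        "page": params.get("page", [None])[0],
        "fragment": parts.fragment,
    }


def compare(q: str) -> tuple[dict, dict]:
    """Return (naive, fixed) server views for the same search term."""
    return server_view(build_url_naive(q)), server_view(build_url_fixed(q))


if __name__ == "__main__":
    # Constructed search terms, one per reserved character the report lists.
    for term in ["Team#A", "a&b=c", "C++ rules", "%41"]:
        naive, fixed = compare(term)
        print(f"{term!r}\n  naive: {naive}\n  fixed: {fixed}")
```

With the naive builder, `Team#A` yields `q=Team` and pushes `limit` and `page` into the fragment, `a&b=c` injects an extra `b` parameter, `C++ rules` decodes to `C   rules`, and the literal `%41` arrives as `A`; the fixed builder returns each term unchanged.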

shoko added the medium and security labels 2026-03-25 10:38:26 +01:00
shoko closed this issue 2026-03-27 04:10:03 +01:00

Reference: shoko/jujutsu-skills#6