fix: encode quotation mark in URLs (#1155)

fixes #1154

---------

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

HISTORY.md

@@ -6,6 +6,8 @@ All notable changes to this project will be documented in this file.
 
 <!-- add unreleased items here -->
 
+* Fixed
+  * Encode quotation marks in URLs ([#1154] via [#1155])
 * Build
   * Use _TypeScript_ `v5.6.2` now, was `v5.5.3` (via [#1130]. [#1144])
   * Use _webpack_ `v5.95.0` now, was `v5.93.0` (via [#1138], [#1147])
@@ -14,6 +16,8 @@ All notable changes to this project will be documented in this file.
 [#1138]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1138
 [#1144]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1144
 [#1147]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1147
+[#1154]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1154
+[#1155]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1155
 
 ## 6.11.0 -- 2024-07-15
 

src/_helpers/uri.ts

@@ -19,12 +19,14 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 const _ESCAPES: Array<[RegExp, string]> = [
   [/ /g, '%20'],
+  [/"/g, '%22'],
+  [/'/g, '%27'],
   [/\[/g, '%5B'],
   [/]/g, '%5D'],
   [/</g, '%3C'],
   [/>/g, '%3E'],
   [/\{/g, '%7B'],
-  [/}/g, '%7D']
+  [/}/g, '%7D'],
 ]
 
 /**
@@ -34,10 +36,10 @@ const _ESCAPES: Array<[RegExp, string]> = [
  *
  * BEST EFFORT IMPLEMENTATION
  *
- * @see http://www.w3.org/TR/xmlschema-2/#anyURI
- * @see http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
- * @see https://datatracker.ietf.org/doc/html/rfc2396
- * @see https://datatracker.ietf.org/doc/html/rfc3987
+ * @see {@link http://www.w3.org/TR/xmlschema-2/#anyURI}
+ * @see {@link http://www.datypic.com/sc/xsd/t-xsd_anyURI.html}
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc2396}
+ * @see {@link https://datatracker.ietf.org/doc/html/rfc3987}
  */
 export function escapeUri<T extends (string | undefined)> (value: T): T {
   if (value === undefined) {

tests/_data/models.js

@@ -284,6 +284,7 @@ module.exports.createComplexStructure = function () {
             ['encode anyUri: mailto', 'mailto:[email protected]'],
             ['encode anyUri: relative path', '../foo/bar'],
             ['encode anyUri: space', 'https://example.org/foo bar bazz%20again+again'],
+            ['encode anyUri: quotation', `https://example.org/this"test"isa'test'`],
             ['encode anyUri: []', 'https://example.org/?bar[test]=baz[again]'],
             ['encode anyUri: <>', 'https://example.org/#<test><again>'],
             ['encode anyUri: {}', 'https://example.org/#{test}{again}'],