guarantee correct URLs #992

@jkowalleck

caused by CycloneDX/cyclonedx-webpack-plugin#1239 (comment)

An issue exists where (invalid) URLs like https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-camel-case] cause trouble.
The characters [] are invalid characters according to URL standards. They must be URL-encoded as %5B%5D.

A possible fix can be done in this library, at normalization time (not in the model).
It would not be the first time this is fixed ...
See https://github.com/search?q=repo%3ACycloneDX%2Fcyclonedx-php-library+%255B&type=code


similar to CycloneDX/cyclonedx-php-library#35

Have all the XML strings that are anyURI somehow fixed before rendering the XML/JSON.
Affected elements:

  • component.purl
  • license.url
  • externalReference.url
  • and so on ...

According to the XML spec, anyURI needs to conform to https://www.ietf.org/rfc/rfc2396.txt

 * @see http://www.w3.org/TR/xmlschema-2/#anyURI
 * @see http://www.datypic.com/sc/xsd/t-xsd_anyURI.html


    /* URIs require that some characters be escaped with their hexadecimal Unicode code point preceded by the %
     * character. This includes non-ASCII characters and some ASCII characters, namely control characters, spaces,
     * and the following characters (unless they are used as delimiters in the URI): <>#%{}|\^`.
     * [...]
     * The only values that are not accepted are ones that make inappropriate use of reserved characters, such as ones that contain multiple # characters or have % characters that are not followed by two hexadecimal digits.
     * -- as of http://www.datypic.com/sc/xsd/t-xsd_anyURI.html
     */
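
One way such normalization-time escaping could look, as an added example that is not part of the original issue or of the CycloneDX code base. `escapeForAnyUri` and its helpers are hypothetical names, and the sketch assumes URLs without IPv6 host literals:

```javascript
// Added example, not CycloneDX code; all names here are hypothetical.
// Escape set: control characters, space, the characters from the quoted anyURI
// note (< > { } | \ ^ `), the square brackets named in the issue, and non-ASCII.
const UNSAFE = /[\u0000-\u0020\u007F<>{}|\\^`\[\]]|[^\u0000-\u007F]/gu
// A '%' that does not start a valid two-hex-digit escape.
const BARE_PERCENT = /%(?![0-9A-Fa-f]{2})/g

function pctEncode (ch) {
  try {
    return encodeURIComponent(ch) // UTF-8 bytes as %XX
  } catch {
    return '%EF%BF%BD' // lone surrogate: emit U+FFFD instead of throwing
  }
}

function escapeForAnyUri (value) {
  // Assumption: no IPv6 host literal, where RFC 3986 allows literal brackets.
  const escaped = value
    .replace(BARE_PERCENT, '%25')
    .replace(UNSAFE, pctEncode)
  // Only the first '#' may act as the fragment delimiter.
  const hash = escaped.indexOf('#')
  if (hash < 0) return escaped
  return escaped.slice(0, hash + 1) + escaped.slice(hash + 1).replace(/#/g, '%23')
}

// Constructed samples; the first is the URL from the issue.
const samples = [
  'https://github.com/cssinjs/jss/issues/new?title=[jss-plugin-camel-case]',
  'https://example.com/a b?q=100%#x#y',
  'https://example.com/already%5Bescaped%5D'
]
for (const s of samples) console.log(escapeForAnyUri(s))
```

Existing valid `%XX` escapes are left alone, so running the function on an already escaped value does not double-encode it.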
