itizawa пре 5 година
родитељ
комит
74b5bc0786

+ 3 - 3
src/client/js/components/PageCreateModal.jsx

@@ -70,14 +70,14 @@ const PageCreateModal = (props) => {
     if (tmpTodayInput1 === '') {
       tmpTodayInput1 = t('Memo');
     }
-    window.location.href = urljoin(userPageRootPath, tmpTodayInput1, now, todayInput2, '#edit');
+    window.location.href = encodeURI(urljoin(userPageRootPath, tmpTodayInput1, now, todayInput2, '#edit'));
   }
 
   /**
    * access input page
    */
   function createInputPage() {
-    window.location.href = urljoin(pageNameInput, '#edit');
+    window.location.href = encodeURI(urljoin(pageNameInput, '#edit'));
   }
 
   /**
@@ -85,7 +85,7 @@ const PageCreateModal = (props) => {
    */
   function createTemplatePage() {
     const pageName = (template === 'children') ? '_template' : '__template';
-    window.location.href = urljoin(parentPath, pageName, '#edit');
+    window.location.href = encodeURI(urljoin(parentPath, pageName, '#edit'));
   }
 
   return (
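Review bot: `encodeURI` leaves `#`, `?` and `&` untouched, so in all three assignments (the one at the top of the first hunk, `createInputPage` and `createTemplatePage`) a user-typed page name containing one of those characters is still split into a query or fragment, and the browser lands on a different path than the one entered. Encode the path before the fragment is appended and cover the reserved characters explicitly, e.g. `const p = encodeURI(urljoin(parentPath, pageName)).replace(/[?#]/g, encodeURIComponent);` followed by `window.location.href = p + '#edit';`. Whether `pageNameInput` is guaranteed to start with `/` is not visible here; if it is not, the value should be checked to be a same-origin path before it is assigned to `location.href`. The enclosing `PageCreateModal` body starts and ends outside these hunks.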

+ 1 - 1
src/client/js/services/PageContainer.js

@@ -31,7 +31,7 @@ export default class PageContainer extends Container {
     }
 
     const revisionId = mainContent.getAttribute('data-page-revision-id');
-    const path = decodeURI(mainContent.getAttribute('data-path'));
+    const path = mainContent.getAttribute('data-path');
 
     this.state = {
       // local page data
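Review bot: `path` now holds whatever the `data-path` attribute contains, with no decoding step, but nothing at the assignment says which form consumers should expect. A short comment such as `// raw page path as rendered by the server, not URI-encoded; encode before using it in a URL` would keep later callers from decoding or encoding it twice. `getAttribute` returns `null` when the attribute is missing, where the old `decodeURI(...)` produced the string `'null'`, so code that reads `path` may need a null check. The constructor continues outside the hunk, so I cannot see whether one exists.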

+ 1 - 1
src/server/views/widget/page_content.html

@@ -1,6 +1,6 @@
 {% if page %}
 <div id="content-main" class="content-main"
-  data-path="{{ encodeURI(page.path) }}"
+  data-path="{{ page.path | preventXss | escape }}"
   data-current-user="{% if user %}{{ user._id.toString() }}{% endif %}"
   data-page-id="{% if page %}{{ page._id.toString() }}{% endif %}"
   data-page-revision-id="{% if revision %}{{ revision._id.toString() }}{% endif %}"
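Review bot: Running `page.path` through `preventXss` before `escape` on the `data-path` line mixes two different defences; for an attribute value, HTML-escaping is the context-appropriate encoding. `preventXss` is not defined in this hunk; if it is a markup sanitizer that strips or rewrites input, a path containing `<`-like characters would reach the client altered and no longer match the stored `page.path`, which `PageContainer` now reads verbatim. Consider `data-path="{{ page.path | escape }}"`, and confirm whether the template engine already autoescapes, in which case the explicit filter could double-encode.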