From 94f74308d8242067a394b095b8168194b5bdd847 Mon Sep 17 00:00:00 2001
From: Paul Bottein <paul.bottein@gmail.com>
Date: Wed, 28 Feb 2024 14:29:00 +0100
Subject: [PATCH] Escape special characters of automation ID in URL (#19790)

* Escape special character of automation ID in URL

* Use encodeURIComponent
---
 src/panels/config/areas/ha-config-area-page.ts       |  2 +-
 src/panels/config/automation/ha-automation-editor.ts | 10 ++++++++--
 src/panels/config/automation/ha-automation-picker.ts | 10 +++++++---
 src/panels/config/automation/ha-automation-trace.ts  |  8 ++++++--
 src/panels/config/devices/ha-config-device-page.ts   |  2 +-
 5 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/src/panels/config/areas/ha-config-area-page.ts b/src/panels/config/areas/ha-config-area-page.ts
index 18ce4dd5b915..64b05b126b13 100644
--- a/src/panels/config/areas/ha-config-area-page.ts
+++ b/src/panels/config/areas/ha-config-area-page.ts
@@ -568,7 +568,7 @@ class HaConfigAreaPage extends LitElement {
       <a
         href=${ifDefined(
           entityState.attributes.id
-            ? `/config/automation/edit/${entityState.attributes.id}`
+            ? `/config/automation/edit/${encodeURIComponent(entityState.attributes.id)}`
             : undefined
         )}
       >
diff --git a/src/panels/config/automation/ha-automation-editor.ts b/src/panels/config/automation/ha-automation-editor.ts
index 04343c20ec16..11571368c4ff 100644
--- a/src/panels/config/automation/ha-automation-editor.ts
+++ b/src/panels/config/automation/ha-automation-editor.ts
@@ -172,7 +172,11 @@ export class HaAutomationEditor extends KeyboardShortcutMixin(LitElement) {
           </ha-list-item>
 
           ${stateObj && this._config && this.narrow
-            ? html`<a href="/config/automation/trace/${this._config.id}">
+            ? html`<a
+                href="/config/automation/trace/${encodeURIComponent(
+                  this._config.id!
+                )}"
+              >
                 <ha-list-item graphic="icon">
                   ${this.hass.localize(
                     "ui.panel.config.automation.editor.show_trace"
@@ -563,7 +567,9 @@ export class HaAutomationEditor extends KeyboardShortcutMixin(LitElement) {
     if (this._config?.id) {
       const result = await this.confirmUnsavedChanged();
       if (result) {
-        navigate(`/config/automation/trace/${this._config.id}`);
+        navigate(
+          `/config/automation/trace/${encodeURIComponent(this._config.id)}`
+        );
       }
     }
   }
diff --git a/src/panels/config/automation/ha-automation-picker.ts b/src/panels/config/automation/ha-automation-picker.ts
index 3bb5802c7dd3..db23980b2dd3 100644
--- a/src/panels/config/automation/ha-automation-picker.ts
+++ b/src/panels/config/automation/ha-automation-picker.ts
@@ -435,7 +435,9 @@ class HaAutomationPicker extends LitElement {
       });
       return;
     }
-    navigate(`/config/automation/trace/${automation.attributes.id}`);
+    navigate(
+      `/config/automation/trace/${encodeURIComponent(automation.attributes.id)}`
+    );
   }
 
   private async _toggle(automation): Promise<void> {
@@ -530,9 +532,11 @@ class HaAutomationPicker extends LitElement {
     );
 
     if (automation?.attributes.id) {
-      navigate(`/config/automation/edit/${automation.attributes.id}`);
+      navigate(
+        `/config/automation/edit/${encodeURIComponent(automation.attributes.id)}`
+      );
     } else {
-      navigate(`/config/automation/show/${ev.detail.id}`);
+      navigate(`/config/automation/show/${encodeURIComponent(ev.detail.id)}`);
     }
   }
 
diff --git a/src/panels/config/automation/ha-automation-trace.ts b/src/panels/config/automation/ha-automation-trace.ts
index c752e562edc2..cd52275ed779 100644
--- a/src/panels/config/automation/ha-automation-trace.ts
+++ b/src/panels/config/automation/ha-automation-trace.ts
@@ -106,7 +106,9 @@ export class HaAutomationTrace extends LitElement {
           ? html`
               <a
                 class="trace-link"
-                href="/config/automation/edit/${stateObj.attributes.id}"
+                href="/config/automation/edit/${encodeURIComponent(
+                  stateObj.attributes.id
+                )}"
                 slot="toolbar-icon"
               >
                 <mwc-button>
@@ -140,7 +142,9 @@ export class HaAutomationTrace extends LitElement {
             ? html`
                 <a
                   class="trace-link"
-                  href="/config/automation/edit/${stateObj.attributes.id}"
+                  href="/config/automation/edit/${encodeURIComponent(
+                    stateObj.attributes.id
+                  )}"
                 >
                   <mwc-list-item graphic="icon">
                     ${this.hass.localize(
diff --git a/src/panels/config/devices/ha-config-device-page.ts b/src/panels/config/devices/ha-config-device-page.ts
index 5179d3b2ca21..4ea0dd37d235 100644
--- a/src/panels/config/devices/ha-config-device-page.ts
+++ b/src/panels/config/devices/ha-config-device-page.ts
@@ -431,7 +431,7 @@ export class HaConfigDevicePage extends LitElement {
                             <a
                               href=${ifDefined(
                                 entityState.attributes.id
-                                  ? `/config/automation/edit/${entityState.attributes.id}`
+                                  ? `/config/automation/edit/${encodeURIComponent(entityState.attributes.id)}`
                                   : undefined
                               )}
                             >