withastro
astro

Performance History

Latest Results

fix(core): allow encoded reserved chars after a literal % (closes #16781)

`validateAndDecodePathname` rejected any pathname where decoding produced a different string that still contained `%XX` sequences. That conflated two distinct shapes:

    /api/%2561dmin   -> %25 + 61 (hex pair)  -> decodes to %61dmin
    /uploads/%25%3F  -> %25 + %3F (reserved) -> decodes to %%3F

Only the first is multi-level encoding. The second is `encodeURIComponent` emitting an encoded literal `%` next to an encoded reserved character, which is a normal output of e.g. `encodeURIComponent('%?.pdf')`. After v6.3.2 (#16556) any dynamic route handling such a path returned 400.

Detect multi-level encoding from the pre-decode signature directly: `%25` followed by two hex digits. A `%25` followed by a non-hex byte (`%` or any literal char) is a legitimate encoded `%`, not double encoding.

Drops the `decoded !== pathname` second pass; the regex on the input is sufficient and avoids the false positive.

Existing double-encoding-bypass coverage stays green:

- `/api/%2561dmin` -> 400 (still)
- `/api/%2561dmin/%75sers` -> 400 (still)
- `/api/%61dmin` -> 401 via middleware (still)
- `/api/us%65rs/list` -> 200 (still)

Adds one regression test for the reporter's case: `/api/uploads/${encodeURIComponent('%?.pdf')}` reaches the handler with `params.path === 'uploads/%%3F.pdf'`.
truffle-dev:fix/pathname-allow-encoded-reserved-after-25
5 hours ago
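
The two checks the commit message contrasts, as an added JavaScript sketch (not Astro's source and not part of the commit). The function names are hypothetical, the "before" logic is reconstructed from the description alone, and `decodeURI` is assumed because it reproduces the decoded values the message lists.

```javascript
// Added illustration; names are hypothetical, not Astro's implementation.
const PCT_XX = /%[0-9a-fA-F]{2}/;            // any remaining percent-escape
const DOUBLE_ENCODED = /%25[0-9a-fA-F]{2}/;  // encoded '%' followed by a hex pair

// Assumption: decodeURI, which leaves reserved characters such as %3F encoded.
function safeDecode(pathname) {
  try {
    return decodeURI(pathname);
  } catch {
    return null; // malformed escape such as %zz
  }
}

// Earlier behaviour as described: reject when decoding changed the string
// and the result still contains a %XX sequence.
function rejectsBefore(pathname) {
  const decoded = safeDecode(pathname);
  if (decoded === null) return true;
  return decoded !== pathname && PCT_XX.test(decoded);
}

// Behaviour after the fix: inspect the raw input only.
// Rejecting malformed escapes as well is an assumption of this sketch.
function rejectsAfter(pathname) {
  if (DOUBLE_ENCODED.test(pathname)) return true;
  return safeDecode(pathname) === null;
}

function compare(paths) {
  return paths.map((path) => ({
    path,
    decoded: safeDecode(path),
    before: rejectsBefore(path),
    after: rejectsAfter(path),
  }));
}

// Paths taken from the commit message's test list.
const SAMPLE_PATHS = [
  '/api/%2561dmin',
  '/api/%2561dmin/%75sers',
  '/api/%61dmin',
  '/api/us%65rs/list',
  `/api/uploads/${encodeURIComponent('%?.pdf')}`,
];

console.table(compare(SAMPLE_PATHS));
```

Only the last row differs between the two columns: the old check rejects it, the input-side regex does not.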

Latest Branches

CodSpeed Performance Gauge
0%
fix(core): allow encoded reserved chars after a literal % in pathnames #16799
5 hours ago
4e06318
truffle-dev:fix/pathname-allow-encoded-reserved-after-25
CodSpeed Performance Gauge
-1%
11 hours ago
0ae052b
context-assets
CodSpeed Performance Gauge
×6.2
13 hours ago
ce07fb7
next