Sanitize Nightscout token to prevent WebSocket crash on launch#688
Open
bjorkert wants to merge 1 commit into
Open
Sanitize Nightscout token to prevent WebSocket crash on launch#688bjorkert wants to merge 1 commit into
bjorkert wants to merge 1 commit into
Conversation
Strip whitespace, newlines, and control characters from the token before storing it and before opening the WebSocket. A stray character (typically pasted in) produced an invalid percent-encoded query in Socket.IO's URL builder, which traps on iOS 26 and crashed the app on startup. Existing saved tokens are sanitized defensively at connect time.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
LoopFollow crashes on startup (the reporting user has TestFlight 6.2.0, iPad on iOS 26.5) with an
EXC_BREAKPOINT/SIGTRAP fromURLComponents.percentEncodedQuery's setter, reached through Socket.IO'screateURLs()while opening the Nightscout WebSocket inMainViewController.viewDidLoad.The Nightscout WebSocket (Socket.IO) is new in 6.2.0, so this is the first build that exercises this path. Socket.IO builds its connect URL query from the
tokenwe pass inconnectParams, and itsurlEncode()doesn't escape whitespace/control characters. On iOS 26 thepercentEncodedQuerysetter is strict and traps on a string that isn't already valid percent-encoding. So a token holding a stray character (e.g. a trailing newline from a paste) produces an invalid query and crashes the app at launch.Fix
NightscoutUtils.sanitizeToken(_:), which strips whitespace, newlines, and control characters.Verified by the user reporting the issue, it's no longer crashing on startup and works like it should