fix(react-router): don't throw if the url hash is not a valid URI component

[vezaynk]

Some tooling might pass arbitrary strings in the window.location.hash. React Router should not crash if the value is not decodable.

In our case, for example, a user interacted with a URL that Datadog injected some tracking info into and the call turned to:

decodeURIComponent("targetindividualusers---input-raw%20:9999%20--output-http%20OVERRIDE_TARGET|OVERRIDE_PERCENT%%20--http-rewrite-url%20v5/onboarding:v6/interstitials%20--http-set-header%20X-Datadog-Parent-Id:%20--http-set-header%20X-Datadog-Trace-Id:%20--http-set-header%20X-Datadog-Sampling-Priority:1%20--http-allow-url%20/content/v5/onboarding")

...which crashed the view with the following error:

Uncaught URIError: malformed URI sequence 

To avoid this in the future, I would like to suggest that a failure to decode the portion of the URL be preventing from throwing, by wrapping in a try-catch.

[changeset-bot]

🦋 Changeset detected

Latest commit: 6551f5d

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 11 packages

Name	Type
react-router	Patch
@react-router/architect	Patch
@react-router/cloudflare	Patch
@react-router/dev	Patch
react-router-dom	Patch
@react-router/express	Patch
@react-router/node	Patch
@react-router/serve	Patch
@react-router/fs-routes	Patch
@react-router/remix-routes-option-adapter	Patch
create-react-router	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[remix-cla-bot]

Hi @vezaynk,

Welcome, and thank you for contributing to React Router!

Before we consider your pull request, we ask that you sign our Contributor License Agreement (CLA). We require this only once.

You may review the CLA and sign it by adding your name to contributors.yml.

Once the CLA is signed, the CLA Signed label will be added to the pull request.

If you have already signed the CLA and received this response in error, or if you have any questions, please contact us at hello@remix.run.

Thanks!

- The Remix team

[remix-cla-bot]

Thank you for signing the Contributor License Agreement. Let's get this merged! 🥳

[timdorr]

This needs to be based against the dev branch, per our contribution guidelines: https://github.com/remix-run/react-router/blob/main/docs/community/contributing.md I updated the branch on the PR. Can you rebase and force-push to update on your end?

[vezaynk]

@timdorr Done!

[vezaynk]

@timdorr Could this get a ✅? This fixes a real bug for my team.

[vezaynk]

@timdorr Does this PR need anything else to be merged? It looks like merging is restricted to members only. 😁

[timdorr]

Just a review by a core team member, as per our governance policy: https://github.com/remix-run/react-router/blob/main/GOVERNANCE.md#bugissue-process

[brophdawg11]

Could you add a changeset?

[vezaynk]

@brophdawg11 Done!

[github-actions]

🤖 Hello there,

We just published version 7.7.0-pre.0 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!

[github-actions]

🤖 Hello there,

We just published version 7.7.0 which includes this pull request. If you'd like to take it for a test run please try it out and let us know what you think!

Thanks!