Does this only happen in the UIWebView/WKWebView, or does this also reproduce with Safari?

Reproducible with mobile and desktop Safari.

I cannot reproduce this with Safari 7.1.4 or 8.0.5. How did you test? What I did was save the test to a local file, add <script> tags, prepend "http://127.0.0.1:8000/" to the URL, and check the request with "nc -l 8000".

I have the following HTHL page hosted on AppEngine: <html> <head></head> <body> <button onclick="var xhr = new XMLHttpRequest(); xhr.open('GET', '/?a[]=new'); xhr.send();"> Send XHR </button> </body> </html> After clicking the button I can see the following server side log: [13/Apr/2015:09:35:09 -0700] "GET /?a%5B%5D=new HTTP/1.1" 302 This bug was originally submitted against Chrome for iOS: https://code.google.com/p/chromium/issues/detail?id=444848 I will ask the bug submitter (thomas@tjconcept.dk) to leave a comment for this issue.

I have only tested and reproduced this with success on Chrome for iOS, but I do have a list of user agents that showed the symptom in my server logs: https://code.google.com/p/chromium/issues/attachmentText?id=444848&aid=4448480002000&name=uas&token=ABZ6GAeK2igj_o4gx5sS9H4B6Q30vLvpvQ%3A1428954213832 As far as I remember, Safari did not have this issue, neither desktop or mobile.

Chrome for iOS uses UIWebView. But I also thought that issue is reproducible with Safari 8.0.3 (10600.3.18), since server log for request was like this: "GET /?a%5B%5D=new HTTP/1.1". Sorry, maybe the symbols in logs were escaped.

> Sorry, maybe the symbols in logs were escaped. They shouldn't be. The log exclusively "bad" requests and there are plenty of valid requests (by far the most) alongside these in the real log which are not escaped.

In this case, it would be helpful if Chrome engineers could further isolate the issue. Chrome has an opportunity to modify the URL, as it implements its own networking, so it may be easier for Chrome engineers to check what happens there.

I was not able to reproduce the issue with UIWebView using nc utility. The issue is reproducible with Chrome for iOS. Closing the bug, thank you for quick response.

Created attachment 250674 [details] Test App

The issue happens at NSURLProtocol level. URLRequest passed to canInitWithRequest: has encoded characters. You can use attached app to reproduce the issue: 1.) Build and run attached UIWebView test app 2.) Click/tap on "Send XHR" button 3.) Observe the log: 2015-04-13 14:04:55.151 UIWebView[7993:2115613] request: <NSURLRequest: 0x7f8bba401490> { URL: https://www.google.com/?a%5B%5D=1 } Alexey, do you think it will be better to submit a separate WebKit bug for this issue?

Seems fine to keep tracking it here. This probably means that we take a parsed URL out of CoreFoundation at some point, instead of taking the original string.