RESOLVED INVALID204127
Inconsistent/lazy encoding of URL.searchParams 
https://bugs.webkit.org/show_bug.cgi?id=204127
Summary Inconsistent/lazy encoding of URL.searchParams
Jim Heising
Reported 2019-11-12 14:47:53 PST
DESCRIPTION: When a window.URL object is created with a URL string that contains search params with non-url-safe characters, they will only be properly encoded after a call is made to any method on the searchParams member. It seems like encoding of search parameters is done lazily, when it should probably be done at object construction time. EXAMPLE: > var myURL = new URL("https://test.com?param1=my{{bad}}param"); > console.log(myURL.toString()); > // Output: https://test.com/?param1=my{{bad}}param > // Note how param1 is not properly encoded > > myURL.searchParams.sort(); // Doesn't seem matter what method is called— we choose sort here... > console.log(myURL.toString()); > // Output: https://test.com/?param1=my%7B%7Bbad%7D%7Dparam > // Note how param1 is now properly encoded
Attachments
Add attachment proposed patch, testcase, etc.
Jim Heising
Comment 1 2019-11-12 15:13:06 PST
It seems like one solution would be to call updateURL() (https://trac.webkit.org/browser/webkit/trunk/Source/WebCore/html/URLSearchParams.cpp#L139) during object construction.
Radar WebKit Bug Importer
Comment 2 2019-11-16 00:11:42 PST
<rdar://problem/57251311>
Alex Christensen
Comment 3 2019-11-22 19:01:49 PST
Our behavior here matches the behavior of Chrome and Firefox and the URL specification. For whatever reason, https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer uses a different set than https://url.spec.whatwg.org/#query-state step 5. Because the behavior of all browsers agrees, you're going to have a hard time changing the specification.
Note You need to log in before you can comment on or make changes to this bug.