- From: Rimas Misevičius <notifications@github.com>
- Date: Fri, 19 Jan 2018 08:45:47 +0000 (UTC)
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 19 January 2018 08:46:09 UTC
> 1. The URL Parser would be updated to decode any percent-encode sequences in the unreserved set. This fixes equivalence because "%61" would decode to "a", and thus "a" would be equivalent to "%61". I would like to say, that sometimes this decoding can be dangerous, see https://github.com/whatwg/url/issues/87#issuecomment-255162169 : > ... > I disagree with this proposal and rfc3986 because I think a canonicalized URL should always be untouched when reparsed. With this proposal, "http://host/%%36%31" would be canonicalized to "http://host/%61" which when reparsed would become "http://host/a" which is bad. Right now Chrome percent-encodes the first '%' in "http://host/%%36%31" which is strange, and Edge throws an exception. > ... It's problematic because alone `%` are still allowed. I think the problem can be solved by percent encoding `%` to `%25` when it isn't part of valid percent encode sequence (see issue: https://github.com/whatwg/url/issues/170), but this can be problematic as well, see bug: https://bugzilla.mozilla.org/show_bug.cgi?id=61269 -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/369#issuecomment-358902320
Received on Friday, 19 January 2018 08:46:09 UTC