[whatwg/url] percent-encode ' in queries of URLs with special schemes (#348)

This is needed for compatibility, and it makes some injection attacks harder by preventing ' from being sent to the server.  

Chrome, Firefox, and Safari all have this behavior.  I haven't tested Edge or IE.  This can be verified as simply as this:
alert(new URL("http://host/pa'th?qu'ery#fra'gment"));
alert(new URL("asdf://host/pa'th?qu'ery#fra'gment"));


https://github.com/whatwg/url/issues/348

Received on Monday, 16 October 2017 18:23:33 UTC
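
An added example (not part of the original message and not the URL Standard's own text) that models the query encoding this issue asks for and compares it with the runtime's own URL parser. It assumes the URL Standard's current query percent-encode set and special-scheme list; the function names are hypothetical, and the model skips the parser's tab/newline stripping.

```javascript
// Schemes the URL Standard currently treats as "special".
const SPECIAL_SCHEMES = new Set(["ftp", "file", "http", "https", "ws", "wss"]);
// Query percent-encode set beyond C0 controls and non-ASCII: space " # < >
const QUERY_SET = new Set([0x20, 0x22, 0x23, 0x3c, 0x3e]);

// Percent-encode a raw query string the way the parser's query state does,
// adding U+0027 (') to the set only when the scheme is special.
function encodeQuery(query, scheme) {
  const special = SPECIAL_SCHEMES.has(scheme.toLowerCase());
  let out = "";
  for (const byte of new TextEncoder().encode(query)) {
    const mustEncode =
      byte < 0x20 || byte > 0x7e || QUERY_SET.has(byte) ||
      (special && byte === 0x27);
    out += mustEncode
      ? "%" + byte.toString(16).toUpperCase().padStart(2, "0")
      : String.fromCharCode(byte);
  }
  return out;
}

// Report, per component, whether a raw ' survives the runtime's URL parser.
function rawApostropheSurvives(input) {
  const u = new URL(input);
  return {
    path: u.pathname.includes("'"),
    query: u.search.includes("'"),
    fragment: u.hash.includes("'"),
  };
}

// True when the model above matches what the runtime parser produced.
// Expects an input of the form scheme://host/path?query#fragment.
function agreesWithParser(input) {
  const u = new URL(input);
  const rawQuery = input.split("?")[1].split("#")[0];
  return u.search === "?" + encodeQuery(rawQuery, u.protocol.slice(0, -1));
}

// The two URLs from the message above.
for (const s of ["http://host/pa'th?qu'ery#fra'gment",
                 "asdf://host/pa'th?qu'ery#fra'gment"]) {
  console.log(new URL(s).href, rawApostropheSurvives(s), agreesWithParser(s));
}
```

Only the query of the special-scheme URL loses its raw apostrophe; the path and fragment keep theirs in both cases, so server-side input handling still sees `'` from those components and from clients that do not use a conforming URL parser.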