-
Notifications
You must be signed in to change notification settings - Fork 266
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Normalization: don't decode percent-encoded reserved characters #366
Comments
Sounds correct to me that percent-encoded reserved characters (in path and query) should not be decoded, from https://www.rfc-editor.org/rfc/rfc3986#section-6.2.2.2 (linked from the SO post)
Why did you write |
This was a very long time ago but I believe I referred to sub-delims since that was the most specific group |
Given the following example URL:
normalization changes
overlay-align=bottom%2Cleft
tooverlay-align=bottom,left
.Looks harmless but this change results in getting a 401 response instead of the image itself.
Looking at the RFC, I believe this deviates from the spec which (to my understanding) suggests
sub-delims
should not be decoded in the normalization process.This SO post supports that. I came across #320 which touches on the same issue.
Please correct me if I'm reading this wrong 👍
Duplicates of this issues:
#
(%23
) #295normalized_encode
incorrectly unencodes%26
to&
#424normalized_encode
incorrectly replaces%3A
and%2F
in path #472conservative_normalize!
#475Maintainer notes:
The text was updated successfully, but these errors were encountered: