Fix encoding consistency with sorted and non-sorted URL parameters #158
Conversation
|
This really sounds like a WHATWG URL bug. It should always be consistent about encoding whether or not |
index.js
Outdated
| @@ -208,6 +208,11 @@ export default function normalizeUrl(urlString, options) { | |||
| urlObject.searchParams.sort(); | |||
| } | |||
|
|
|||
| // Decode query parameters | |||
| try { | |||
| urlObject.search = decodeURIComponent(urlObject.search); | |||
There was a problem hiding this comment.
Since the search components are decoded when .sort() is not called, this will potentially decode encoded character where the encoding is meant to be preserved. You could potentially only decode when !options.sortQueryParameters, but I think the encoding inconsistency is a bug in the URL implementation and it would be risky to depend on it staying like that.
I can reproduce it in Firefox and Chrome too! And it seems the issue is well known: whatwg/url#491:
|
|
See also whatwg/url#478 where they decide to keep the current |
There's no easy way to avoid it as we need to keep the sort support and I don't want to bring in another library just for that. |
I guess this is the best option then. |
Only decode when the parameters have been sorted.
I've pushed an additional commit to check if the parameters have been sorted before decoding. |
sindresorhus
changed the title
|
The current behavior of
|
|
@psamusev It's better to open a new issue instead of commenting on an old pull request. Submitting a failing test would be even better. |
Fix #149
Currently
normalize-urlencodes URL parameters whensortQueryParametersistrueand leaves them as they are when not. This behaviour is confusing as a user would not expect sorting the parameters to affect the encoding. This PR tries to ensure the search parameters are always decoded, sincenormalize-urlalready always decodes the pathname and does not intend to sanitize the URL;normalize-url/index.js
Line 160 in 6ea4038