Closed broomfn closed 1 year ago
There seems to be some confusion as to whether ; is a valid URL character or should be encoded:
https://github.com/traefik/traefik/issues/9164
It all seems to be caused by this security issue:
https://www.oxeye.io/resources/golang-parameter-smuggling-attack
Perhaps an option to encode semicolons as %3B would be useful?
Hi @broomfn
The url encoding uses the angular codec. Maybe create your own implementation of HttpParameterCodec
HttpParameterCodec
https://github.com/angular/angular/blob/6f5dabe0d25a5660b7c3001041449b4622dd8924/packages/common/http/src/params.ts#L108
Many thanks @diegomvh , that's very helpful, I'll take a look at that, cheers 👍
There seems to be some confusion as to whether ; is a valid URL character or should be encoded:
https://github.com/traefik/traefik/issues/9164
It all seems to be caused by this security issue:
https://www.oxeye.io/resources/golang-parameter-smuggling-attack
Perhaps an option to encode semicolons as %3B would be useful?