lukeed / polka

A micro web server so fast, it'll make you dance! :dancers:
MIT License

[@polka/url] Incorrect query params parsing when param contains encoded "&" #150

Open hoangvvo opened 3 years ago

hoangvvo commented 3 years ago

Consider the url below:

/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DeVTXPUF4Oz4%26list%3DPLlqZM4covn1G3hqrvNwpRy19pGDTYkUK6

@polka/url parses the above into:

{
  url: 'https://www.youtube.com/watch?v=eVTXPUF4Oz4',
  list: 'PLlqZM4covn1G3hqrvNwpRy19pGDTYkUK6'
}

which is incorrect.

Reproduction

const parser = require("@polka/url");
const querystring = require("querystring");

const url = `/?url=${encodeURIComponent(
  "https://www.youtube.com/watch?v=eVTXPUF4Oz4&list=PLlqZM4covn1G3hqrvNwpRy19pGDTYkUK6"
)}`;

console.log(parser({ url }, true)?.query);
// {
//   url: 'https://www.youtube.com/watch?v=eVTXPUF4Oz4',
//   list: 'PLlqZM4covn1G3hqrvNwpRy19pGDTYkUK6'
// }

const queryparamsstr = url.substring(url.indexOf("?") + 1);
console.log(querystring.parse(queryparamsstr));
// [Object: null prototype] {
//   url: 'https://www.youtube.com/watch?v=eVTXPUF4Oz4&list=PLlqZM4covn1G3hqrvNwpRy19pGDTYkUK6'
// }

hoangvvo commented 3 years ago

https://github.com/lukeed/polka/blob/3b4d86630f96083a041634421d11d8b2818a8b34/packages/url/index.js#L32

This line decodes the URL too early, causing the encoded & to turn into a param separator.

istarkov commented 3 years ago

Also, query param parsing is incorrect if the param contains +, i.e. '?prop=a+b' must be parsed as { prop: 'a b' }
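
The two parsing orders discussed in this thread, side by side, as an added example that is not part of the original issue and is not @polka/url's source: decoding the whole query before splitting lets an encoded `%26` become a parameter separator, so a layer that validates only `url` and a layer that reads `list` can disagree about what the client sent. The helper names (`parseDecodeFirst`, `parseSplitFirst`, `decodeComponent`) are hypothetical, and the handling of malformed escapes and repeated keys goes beyond the cases raised above.

```javascript
// Added example; these helpers are hypothetical and are not @polka/url's code.

// Models the failure mode described in the thread: the whole query string is
// percent-decoded first, so an encoded "%26" turns into a literal "&" separator.
function parseDecodeFirst(query) {
  const out = {};
  for (const pair of decodeURIComponent(query).split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const key = i === -1 ? pair : pair.slice(0, i);
    out[key] = i === -1 ? '' : pair.slice(i + 1);
  }
  return out;
}

// "+" means a space in form-urlencoded data; it is replaced before
// percent-decoding so that an encoded "%2B" still yields a literal plus sign.
function decodeComponent(s) {
  const spaced = s.replace(/\+/g, ' ');
  try {
    return decodeURIComponent(spaced);
  } catch (e) {
    return spaced; // malformed escape such as "%zz": keep the raw text
  }
}

// Splits on the raw "&" and "=" first, then decodes each key and value alone.
function parseSplitFirst(query) {
  const out = Object.create(null); // no prototype, so "__proto__" is only a key
  for (const pair of query.split('&')) {
    if (!pair) continue;
    const i = pair.indexOf('=');
    const key = decodeComponent(i === -1 ? pair : pair.slice(0, i));
    const val = i === -1 ? '' : decodeComponent(pair.slice(i + 1));
    out[key] = key in out ? [].concat(out[key], val) : val; // repeated keys
  }
  return out;
}

// Constructed input, built the same way as the reproduction above.
const target = 'https://www.youtube.com/watch?v=eVTXPUF4Oz4&list=PLlqZM4covn1G3hqrvNwpRy19pGDTYkUK6';
const query = `url=${encodeURIComponent(target)}`;
console.log(parseDecodeFirst(query)); // two keys: url (cut short) and list
console.log(parseSplitFirst(query)); // one key: url, equal to target
console.log(parseSplitFirst('prop=a+b&lit=1%2B1'));
```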