Amazon image links corrupted after normalization

[exentrich]

In version 5.3.0 such URL: https://images-na.ssl-images-amazon.com/images/I/41kaOFDXzSL._SR600%2c315_PIWhiteStrip%2cBottomLeft%2c0%2c35_PIStarRatingFOURANDHALF%2cBottomLeft%2c360%2c-6_SR600%2c315_ZA81%252C561%2c445%2c290%2c400%2c400%2cAmazonEmberBold%2c12%2c4%2c0%2c0%2c5_SCLZZZZZZZ_FMpng_BG255%2c255%2c255.jpg

become: https://images-na.ssl-images-amazon.com/images/I/41kaOFDXzSL._SR600%2c315_PIWhiteStrip%2cBottomLeft%2c0%2c35_PIStarRatingFOURANDHALF%2cBottomLeft%2c360%2c-6_SR600%2c315_ZA81%2C561%2c445%2c290%2c400%2c400%2cAmazonEmberBold%2c12%2c4%2c0%2c0%2c5_SCLZZZZZZZ_FMpng_BG255%2c255%2c255.jpg

The first one working great, but second is not. I'm using normalize-url without any options.

For some reason two characters from original URL are stripped of in normalized version:

[SimonJang]

@exentrich @sindresorhus I've investigated this issue and it's not a bug in normalize-url but an issue in the provided url.

Part of the normalization process in normalize-url is to use decodeURI. This will decode %25 as % since % is encoded as %25. It's also mentioned here https://datatracker.ietf.org/doc/html/rfc1738 as being unsafe.

You can test the example in this example https://stackblitz.com/edit/repro-normalize-url-iss125?file=index.js