search

websanova / js-url

url() - A simple, lightweight url parser for JavaScript
http://www.websanova.com
MIT License
1.93k stars 204 forks source link

double decoding resulting in incorrect params when query string contains any of URL-encoding characters #29

Closed Parth-Brahmbhatt closed 10 years ago

Parth-Brahmbhatt commented 10 years ago

The library seems to be performing double decoding when user tries to access param or attr method.

How to reproduce: I just used chrome console:

$.getScript('/js/purl.js') var test='http://localhost:8080?id=test%255Ftest'; //where test%255Ftest is "test%5Ftest" encoded purl(test, true).param('id'); //outputs test_test

The first decoding during parseURI phase produces correct param test%test but then it goes onto create the param list in following line

uri.param['query'] = parseString(uri.attr['query']);

parseString internally again calls decodeURI, %5F is URL encoded '_' so the final result is 'test_test'.

in summary

test%5Ftest -> encode -> test%255Ftest -> decode() Line 40 -> test%5Ftest -> decode Line 131 -> results in test_test.

Parth-Brahmbhatt commented 10 years ago

sorry intended to open it against purl.js . resolving.