Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/url parseQuery allows semicolon ; to be the separator #22641

Closed
larrycinnabar opened this issue Nov 9, 2017 · 1 comment
Closed

net/url parseQuery allows semicolon ; to be the separator #22641

larrycinnabar opened this issue Nov 9, 2017 · 1 comment
Labels
FrozenDueToAge

Comments

@larrycinnabar
Copy link

larrycinnabar commented Nov 9, 2017
edited

In 2014 W3C Recommandation is said:

Let strings be the result of strictly splitting the string payload on U+0026 AMPERSAND characters (&).

https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#url-encoded-form-data

So, now semicolons are not allowed to be query separators (as it was allowed in 1999 Recommendation).

Golang's net/url.go parseQuery function checks for both symbols:
https://github.com/golang/go/blob/master/src/net/url/url.go#L824

And in this case it's not allowed to use semicolon inside query parameters.

// r *http.Request
q := r.URL.Query()
abc := q.Get("abc")

// &abc=1234;567
// abc will be "1234", but not "1234;567"
@dsnet
Copy link
Member

dsnet commented Nov 9, 2017

See #2210. I'm going to mark this working-as-intended.

The url package does not attempt to be a perfect implementation of RFC 3986, since the internet is full of errant and non-compliant implementations. If a popular enough implementation is non-compliant, it's implementation effectively becomes the "standard" regardless of what the formal specification says.

@dsnet dsnet closed this as completed Nov 9, 2017
@golang golang locked and limited conversation to collaborators Nov 9, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dsnet @larrycinnabar @gopherbot