Possible bug: new URL(...) changes url by decoding %2B and %26

kulla · October 19, 2020, 12:44pm

I noticed that the implementation of URL of the cloudflare worker automatically decodes %2B to + and %26 to &:

console.log( new URL("http://example.com/%2B" ).toString() ) // http://example.com/+
console.log( new URL("http://example.com/%26" ).toString() ) // http://example.com/&

Thus URL changes the passed URL when it contains the characters %2B or %26. This is not the behavior I see when I run the above code in the web console of a browser. In Firefox and Chromium I get:

console.log( new URL("http://example.com/%2B" ).toString() ) // http://example.com/%2B
console.log( new URL("http://example.com/%26" ).toString() ) // http://example.com/%26

This causes a bug in our cloudflare worker when the request url contains %2B or %26. Since we use the URL-interface to rewrite the request url (i.e. changing the domain) these character encodings do not get passed to our backend so that it responses with an error.

Is this a bug in the URL implementation of the cloudflare worker?

arunesh90 · October 19, 2020, 2:08pm

For now it’s best to use a library/polyfill

kulla · October 19, 2020, 3:03pm

Thx for your fast response

system · October 19, 2020, 4:03pm

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Worker fails if incorrectly encoded % is in the URL Cloudflare Workers	23	5931	April 17, 2024
How to have bare % sign properly encoded Cloudflare Workers	0	19	November 14, 2024
Solve Chinese URL in Workers? Cloudflare Workers	5	2587	January 18, 2021
Worker request.url value strips of trailing & character Cloudflare Workers	7	5361	March 28, 2025
Route for worker Cloudflare Workers	11	2352	March 13, 2021

Possible bug: new URL(...) changes url by decoding %2B and %26

Related topics