url: Improve WHATWG URLSearchParams spec compliance #9484
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
the
url
|
/cc @jasnell |
|
Awesome! I won't have a chance to review in depth until Monday but it's awesome to see you jump in on this. Thank you! |
TimothyGu
force-pushed
the
urlsearchparams
branch
from
20a610e to
3c099fa
Compare
TimothyGu
commented
Nov 6, 2016
| update(this, search); | ||
| this[searchParams][searchParams] = querystring.parse(this.search); | ||
| this[searchParams][searchParams] = querystring.parse(this[context].query); |
There was a problem hiding this comment.
This line is more for consistency with the constructor and cosmetics than anything else: it's a bit odd to see the property being read in its setter.
TimothyGu
changed the title
|
About making
While the standard says to:
which essentially means to skip all instances of leading, trailing, or consecutive ampersands, querystring treats it as querystring.parse('')
// => ✓ {}
querystring.parse('&')
// => ✗ { '': '' }
// => Expected: {}
querystring.parse('=')
// => ✓ { '': '' }
querystring.parse('&=')
// => ✗ { '': [ '', '' ] }
// => Expected: { '': '' }
querystring.parse('&&')
// => ✗ { '': [ '', '' ] }
// => Expected: {}
querystring.parse('&&=')
// => ✗ { '': [ '', '', '' ] }
// => Expected: { '': '' }
// In Chrome 55 with #enable-experimental-web-platform-features
[...new URLSearchParams('')]
// => ✓ []
[...new URLSearchParams('&')]
// => ✓ []
[...new URLSearchParams('=')]
// => ✓ [ [ '', '' ] ]
[...new URLSearchParams('&=')]
// => ✓ [ [ '', '' ] ]
[...new URLSearchParams('&&')]
// => ✓ []
[...new URLSearchParams('&&=')]
// => ✓ [ [ '', '' ] ]
const { URL } = require('url')
// '\dc00' is an unpaired trail Unicode surrogate
const url = new URL('https://asdf.com/?a=\udc00asdf')
url.search
// => '?a=%EF%BF%BDasdf'
// This is correct: `%EF%BF%BD` corresponds to U+FFFD REPLACEMENT CHARACTER,
// as stipulated by the Web IDL spec:
// https://heycam.github.io/webidl/#dfn-obtain-unicode
url.searchParams.set('a', '\udc00asdf')
url.search
// => '?a=%F0%90%81%A1sdf'
// Here a URL with an invalid Unicode string results, as there isn't a check for
// unpaired surrogates in the userland JS code.
url.search = 'a=\udc00asdf'
url.search
// => '?a=%EF%BF%BDasdf'
// search's setter forces a reparse, so C++ code's Unicode
// sanitation kicks in hereSo in addition to making the querystring module conformant to WHATWG standards, this issue would have to be fixed somehow, either by doing some string wizardry in JS or add a C++ binding for sanitizing. |
|
Yep, you're absolutely right. In the initial implementation I decided to punt on 100% compliance with the URLSearchParams in order to get it landed, knowing that we could continue to iterate on it while the feature was still experimental. My plan has been to move the processing into the node_url.cc native code to echo the main URL parsing. |
TimothyGu
force-pushed
the
urlsearchparams
branch
from
3c099fa to
9795284
Compare
|
@jasnell, have you gotten a chance to look at this PR? |
|
I have not and I am sorry. I have been in Tokyo for nodefest and have been On Mon, Nov 14, 2016 at 7:32 AM Timothy Gu notifications@github.com wrote:
|
|
@jasnell, ping. |
TimothyGu
force-pushed
the
urlsearchparams
branch
2 times, most recently
from
d04241e to
fe08218
Compare
|
Just a heads up, in case anyone is interested I've reimplemented the core parsing and serializing routine in C++, in TimothyGu/node@urlsearchparams...urlsearchparams-cpp. I will submit a PR for that after this one is merged. |
|
@TimothyGu ... I've taken an initial look at things look good but have not yet had the opportunity to do a proper complete review. Haven't forgotten about it tho! |
TimothyGu
force-pushed
the
urlsearchparams
branch
4 times, most recently
from
9754f70 to
796213f
Compare
- Make URLSearchParams constructor spec-compliant - Strip leading `?` in URL#search's setter - Spec-compliant iterable interface - More precise handling of update steps as mandated by the spec - Add class strings to URLSearchParams objects and their prototype - Make sure `this instanceof URLSearchParams` in methods Also included are relevant tests from W3C's Web Platform Tests (https://github.com/w3c/web-platform-tests/tree/master/url). Fixes: nodejs#9302
TimothyGu
force-pushed
the
urlsearchparams
branch
from
796213f to
8ea0a65
Compare
|
@jasnell, ping 3x... |
jasnell
approved these changes
Dec 4, 2016
|
@TimothyGu ... things look good except for a couple of linter nits. Can you run |
italoacasas
pushed a commit
that referenced
this pull request
Dec 7, 2016
- Make URLSearchParams constructor spec-compliant - Strip leading `?` in URL#search's setter - Spec-compliant iterable interface - More precise handling of update steps as mandated by the spec - Add class strings to URLSearchParams objects and their prototype - Make sure `this instanceof URLSearchParams` in methods Also included are relevant tests from W3C's Web Platform Tests (https://github.com/w3c/web-platform-tests/tree/master/url). Fixes: #9302 PR-URL: #9484 Reviewed-By: James M Snell <jasnell@gmail.com>
|
Not in 7.2.1? It's not in the changelog, anyway. |
Fishrock123
pushed a commit
that referenced
this pull request
Dec 13, 2016
- Make URLSearchParams constructor spec-compliant - Strip leading `?` in URL#search's setter - Spec-compliant iterable interface - More precise handling of update steps as mandated by the spec - Add class strings to URLSearchParams objects and their prototype - Make sure `this instanceof URLSearchParams` in methods Also included are relevant tests from W3C's Web Platform Tests (https://github.com/w3c/web-platform-tests/tree/master/url). Fixes: #9302 PR-URL: #9484 Reviewed-By: James M Snell <jasnell@gmail.com>
Merged
italoacasas
added a commit
that referenced
this pull request
Dec 15, 2016
Notable changes: - buffer: - fix single-character string filling (Anna Henningsen) #9837 - handle UCS2.fill() properly on BE (Anna Henningsen) #9837 - url: - including base argument in originFor (joyeecheung) #10021 - improve URLSearchParams spec compliance (Timothy Gu) #9484 - http: - remove stale timeout listeners (Karl Böhlmark) #9440 - build: - fix node_g target (Daniel Bevenius) #10153 PR-URL: #10277
italoacasas
added a commit
that referenced
this pull request
Dec 15, 2016
Notable changes
SEMVER-MINOR
- url:
- add inspect function to TupleOrigin (Safia Abdalla) #10039
- crypto:
- allow adding extra certs to well-known CAs (Sam Roberts) #9139
SEMVER-PATCH
- buffer:
- fix single-character string filling (Anna Henningsen) #9837
- handle UCS2 .fill() properly on BE (Anna Henningsen) #9837
- url:
- including base argument in originFor (joyeecheung) #10021
- improve URLSearchParams spec compliance (Timothy Gu) #9484
- http:
- remove stale timeout listeners (Karl Böhlmark) #9440
- build:
- fix node_g target (Daniel Bevenius) #10153
- fs:
- remove unused argument from copyObject() (Ethan Arrowood) #10041
- timers:
- fix handling of cleared immediates (hveldstra) #9759
PR-URL: #10277
italoacasas
added a commit
that referenced
this pull request
Dec 17, 2016
Notable changes:
* **crypto**:
- Allow adding extra certificates to well-known CAs. (Sam Roberts)
[#9139](#9139)
* **buffer**:
- Fix single-character string filling. (Anna Henningsen)
[#9837](#9837)
- Handle UCS2 `.fill()` properly on BE. (Anna Henningsen)
[#9837](#9837)
* **url**:
- Add inspect function to TupleOrigin. (Safia Abdalla)
[#10039](#10039)
- Including base argument in originFor. (joyeecheung)
[#10021](#10021)
- Improve URLSearchParams spec compliance. (Timothy Gu)
[#9484](#9484)
* **http**:
- Remove stale timeout listeners. (Karl Böhlmark)
[#9440](#9440)
* **build**:
- Fix node_g target. (Daniel Bevenius)
[#10153](#10153)
* **fs**:
- Remove unused argument from copyObject(). (EthanArrowood)
[#10041](#10041)
* **timers**:
- Fix handling of cleared immediates. (hveldstra)
[#9759](#9759)
* **src**:
- Add wrapper for process.emitWarning(). (SamRoberts)
[#9139](#9139)
- Fix string format mistake for 32 bit node.(Alex Newman)
[#10082](#10082)
italoacasas
added a commit
that referenced
this pull request
Dec 19, 2016
Notable changes:
* **crypto**: The built-in list of Well-Known CAs (Certificate Authorities) can now
be extended via a NODE_EXTRA_CA_CERTS environment variable. (Sam Roberts)
[#9139](#9139)
* **buffer**: buffer.fill() now works properly for the UCS2 encoding on Big-Endian
machines. (Anna Henningsen) [#9837](#9837)
* **url**:
- Including base argument in URL.originFor() to meet specification compliance. (joyeecheung)
[#10021](#10021)
- Improve URLSearchParams to meet specification compliance. (Timothy Gu)
[#9484](#9484)
* **http**: Remove stale timeout listeners in order to prevent a memory leak when using
keep alive. (Karl Böhlmark) [#9440](#9440)
cjihrig
added a commit
to cjihrig/node
that referenced
this pull request
Dec 20, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) nodejs#9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
nodejs#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
nodejs#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
nodejs#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) nodejs#9484
PR-URL: nodejs#10277
cjihrig
added a commit
to cjihrig/node
that referenced
this pull request
Dec 20, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) nodejs#9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
nodejs#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
nodejs#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
nodejs#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) nodejs#9484
PR-URL: nodejs#10277
cjihrig
added a commit
that referenced
this pull request
Dec 20, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) #9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Böhlmark)
#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) #9484
PR-URL: #10277
imyller
added a commit
to imyller/meta-nodejs
that referenced
this pull request
Dec 21, 2016
Notable changes:
* buffer:
- buffer.fill() now works properly for the UCS2 encoding on
Big-Endian machines.
(Anna Henningsen) nodejs/node#9837
* cluster:
- disconnect() now returns a reference to the disconnected
worker. (Sean Villars)
nodejs/node#10019
* crypto:
- The built-in list of Well-Known CAs (Certificate Authorities)
can now be extended via a NODE_EXTRA_CA_CERTS environment
variable. (Sam Roberts)
nodejs/node#9139
* http:
- Remove stale timeout listeners in order to prevent a memory leak
when using keep alive. (Karl Bohlmark)
nodejs/node#9440
* tls:
- Allow obvious key/passphrase combinations. (Sam Roberts)
nodejs/node#10294
* url:
- Including base argument in URL.originFor() to meet specification
compliance. (joyeecheung)
nodejs/node#10021
- Improve URLSearchParams to meet specification compliance.
(Timothy Gu) nodejs/node#9484
PR-URL: nodejs/node#10277
Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>
This was referenced Jan 14, 2017
3 tasks
3 tasks
hiroppy
added
the
whatwg-url
This was referenced Nov 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Checklist
make -j8 test(UNIX), orvcbuild test nosign(Windows) passesdocumentation is changed or added(WHATWG URL interface is still experimental and undocumented)Affected core subsystem(s)
url, test
Description of change
This PR aims to improve the general compatibility of
URLSearchParamsclass with WHATWG's URL Standard. Specifically, the PR consists of the following parts:URLSearchParamsconstructor signature the same as the spec?inURL#search's setterkeys,entries, andforEachmethodsURLSearchParamsIteratorobject instead of a generator function for@@iterator, per spec%20vs+, are still commented out.TODOs and points of discussion:
URLSearchParamspublic@@iterator,keys,values, andentriesapplication/x-www-form-urlencodedbyte serializer disagrees on certain characters such as0x20(space; encodeURIComponent escapes it as%20while querystring should serialize it to+),0x27(left paren; encodeURIComponent does not escape but querystring should), etc.Fixes: #9302