I've ran into this when some external service sent an escaped character:
In [16]: str(URL("/").with_query(foo="bar&baz%26qux"))
Out[16]: '/?foo=bar%26baz%26qux'
The distinction between inputs & and %26 is lost:
In [19]: URL(x).query
Out[19]: <MultiDictProxy('foo': 'bar&baz&qux')>
This makes the library hard to use for arbitrary input.
The specific case where yarl broke involved 2 redirects (i.e. nested) where each had own query parameters.
I've ran into this when some external service sent an escaped character:
The distinction between inputs
&and%26is lost:This makes the library hard to use for arbitrary input.
The specific case where
yarlbroke involved 2 redirects (i.e. nested) where each had own query parameters.