HTTP Get Params not escaped correctly #10209

DanielHeath · 2014-11-24T23:08:55Z

Angular does not url-encode semicolon characters (whereas encodeURIComponent(';') does).

As a result, if a user types a semicolon into a field which is included in a GET request resulting in a call like

$http.get('/', params: {per_page: 20, search: 'foo;bar'})

We recommend that HTTP server implementors, 
and in particular, CGI implementors, support 
the use of ";" in place of "&"

A server using Rails will follow this spec and interpret the request as
{"per_page" =>"20", "search"=>"foo", "bar"=>nil}

Angular should escape GET params the same way as encodeURIComponent does.

The text was updated successfully, but these errors were encountered:

DanielHeath · 2014-11-24T23:45:38Z

Sorry, I see this was already reported as #9224

pkozlowski-opensource · 2014-11-25T07:06:29Z

Ok, if this is a duplicate let's move the discussion to the existing issue.

pkozlowski-opensource closed this as completed Nov 25, 2014

Provide feedback