Fix parsing of URLs containing & in the path
djmitche opened this issue · comments
IIUC, there's a risk that this will mis-parse paths that happen to use & in the resource component, such as:
https://example.com/this&that&bewit=true
Such paths seem vanishingly unlikely in practice, but I don't think anything outright prevents them, and I can imagine them being constructed maliciously to try to trick the application's validation logic. It may be worth splitting first on the ? and then on the &, just in case.