Encode a URL to a percent-encoded form, excluding already-encoded sequences
Changed
\
, ^
, and |
.Important: If you are using this to encode user entered and validated URLs, upgrade to v2 immediately. It is possible to exploit \
encoding in v1. A URL can be formed that looks like http://foo.com\@bar.com
, which parses as foo.com
for the host, but when encodeUrl(url)
will parse as bar.com
for the host.
https://github.com/pillarjs/encodeurl/compare/v1.0.2...v2.0.0
%
as last character