Is it legal or safe to depend on the ordering of URL query parameters?

Is it legal or safe to depend on the ordering of URL query parameters? Specifically, would I be able to write code, and trust that that code will always work, that had different behavior based on these two query strings:

?a=10&add=5&multiply=3    # might mean (10 + 5) * 3
?a=10&multiply=3&add=5    # might mean (10 * 3) + 5

(My example is of course contrived, I know it's ridiculous to build a calculator like this. :) )

Scott Stafford asked Sep 05 '14 13:09


1 Answer

Those query strings are both perfectly legal and distinct. According to RFC 3986, the query string is nothing more than

...non-hierarchical data that... serves to identify a resource within the scope of the URI's scheme and naming authority

The rules for how HTML forms must generate key=value pairs in application/x-www-form-urlencoded format are detailed in the W3C HTML spec. Of particular interest are the rules for how to parse application/x-www-form-urlencoded content:

To decode application/x-www-form-urlencoded payloads, the following algorithm should be used....

The output of this algorithm is a sorted list of name-value pairs.

Therefore, application/x-www-form-urlencoded query string content may be correctly regarded as a sorted list of key/value pairs.

However, bear in mind that not all Web frameworks capture this information. They may instead provide you with an unordered dictionary of property names and values parsed from the query string. For example, the url.parse method in Node.js returns a parsed query string as an object (whose properties are the key/value pairs), and JavaScript objects are always unordered.

apsillers answered Oct 23 '22 21:10
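The difference between the ordered list of pairs and a dictionary view described in the answer above, as an added example that is not part of the original question or answer. It runs the question's calculator over an order-preserving parse and shows what collapsing the same pairs into a plain object loses; `parseOrdered`, `toObject`, `evaluate` and `OPS` are hypothetical names, and the inputs are constructed.

```javascript
// Added example, not code from the question or answer; all function names are hypothetical.
// URLSearchParams (WHATWG URL API) is a global in Node.js and in browsers.

// Ordered view: every name/value pair, in the order it appears, duplicates kept.
function parseOrdered(query) {
  return [...new URLSearchParams(query)];
}

// Dictionary view: what a parser that returns a plain object leaves you with.
function toObject(pairs) {
  const obj = Object.create(null);          // no inherited keys such as "constructor"
  for (const [name, value] of pairs) obj[name] = value; // a repeated name overwrites
  return obj;
}

const OPS = new Map([
  ['add', (acc, n) => acc + n],
  ['multiply', (acc, n) => acc * n],
]);

// The question's calculator: "a" must come first, then operations apply left to right.
function evaluate(query) {
  let acc = null;
  for (const [name, raw] of parseOrdered(query)) {
    const n = Number(raw);
    if (raw.trim() === '' || !Number.isFinite(n)) {
      throw new TypeError(`non-numeric value for "${name}"`);
    }
    if (name === 'a' && acc === null) { acc = n; continue; }
    if (acc === null || !OPS.has(name)) {
      throw new TypeError(`unexpected parameter "${name}"`);
    }
    acc = OPS.get(name)(acc, n);
  }
  if (acc === null) throw new TypeError('missing "a"');
  return acc;
}

// Constructed sample inputs.
console.log(evaluate('?a=10&add=5&multiply=3'));   // (10 + 5) * 3
console.log(evaluate('?a=10&multiply=3&add=5'));   // (10 * 3) + 5
const pairs = parseOrdered('b=1&2=x&1=y&b=9');
console.log(pairs.map(([name]) => name));          // order and the repeated "b" survive
console.log(Object.keys(toObject(pairs)));         // integer-like keys move first, one "b"
```

Code that depends on parameter order has to read the ordered pairs at every layer that touches the request; once any layer hands over a dictionary, the order and the repeated names are gone.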