Differences in parsers can result in security issues under certain circumstances. For example, cache poisoning.
Help me add to this list! Comment below
Source | Key-value pair delimiters | Issue |
---|---|---|
WHATWG Spec | & | |
Python 3.9.1 | & ; | 42967 |
Python 3.9.2rc1 | & (Default) | |
Go 1.16 | & ; | #23447 |
form_urlencoded 1.0.0 (Rust) | & | |
Rocket 0.4.7 (Rust) | & | |
Node 15.9.0 querystring | & (Default) | |
Node 15.9.0 URLSearchParams | & | |
qs 6.9.6 (JavaScript) | & (Default) | |
HttpComponents 5.0.3 (Java) | & ; | |
Ruby 3.0.0 | & ; | |
Addressable 2.7.0 (Ruby) | & | |
PHP 8.0.2 | & (Default) | |
nginx 1.19.7 | & | |
minio | & ; | |
AWS S3 | & |