[Seaside-dev] WAUrl decoding $+ when it should not (ZnUrl too)

[Johan Brichau]

Hi there,

When using a recent version of Zinc, the following functional tests fail when entering a text containing the character +
- http://localhost:8080/tests/functional/WAUrlEncodingFunctionalTest/
- http://localhost:8080/tests/functional-ajaxified/WAUrlEncodingFunctionalTest/

The $+ gets eaten and replaced with a space.

The problem surfaces only with recent versions of Zinc because the encoding was changed to be less strict (but apparently correct). 
In essence, the $+ is a safe character in the query and path segments of the URI [2].

What happens is the following:
- original request comes in with $+ encoded as %2B: 'http://localhost:8080/foo%2Bbar' 
- after parsing the request, a ZnUrl will print this url as: 'http://localhost:8080/foo+bar'
- the WAUrl instance is parsed from printed ZnUrl in the ZnAdaptor, leading to: 'http://localhost:8080/foo%20bar'

Following a discussion with Sven on the Pharo mailinglist, Sven noted (I think correctly) that a $+ should only be regarded as a space in the context of a get/post with mime type application/x-www-form-urlencoded [1].

Both Zinc and WAUrl are, however, (I think) wrongly decoding a $+ when it's in the path and query segments of a URI.
Hence, the changes to Zinc are leading to these bugs in Seaside:

self assert: (ZnUrl fromString: (ZnUrl fromString: 'http://localhost/?param=foo%2Bbar') printString) printString = 'http://localhost/?param=foo%20bar'.
self assert: (WAUrl decodePercent: (ZnUrl fromString: 'http://localhost/?param=foo%2Bbar') printString) printString = 'http://localhost/?param=foo bar'

Both assertions above should actually be false, imho.

So, am I correct that we should fix WAUrl ?

Feedback appreciated!
Johan

[1] http://en.wikipedia.org/wiki/Percent-encoding#The_application.2Fx-www-form-urlencoded_type
[2] http://blog.lunatech.com/2009/02/03/what-every-web-developer-must-know-about-url-encoding#Thereservedcharactersaredifferentforeachpart