You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As per purl specification, purl URL should conform to the URL definitions or specifications of rfc3986. Current implementation uses WebUtility.UrlEncode() and WebUtility.UrlDecode() which does not follow rfc3986 specification.
Example -
PackageURLpurl=newPackageURL("docker","ruby advisory db check");Console.WriteLine(purl.ToString());// This code produces the following output:// pkg:docker/ruby+advisory+db+check
As here we can see the WebUtility.UrlEncode() encodes spaces as + but as per rfc3986 it should be encoded as %20. If we look other implementations of purl (JAVA, JS) those implementations encode spaces as %20. There's incompatibility with other implementations when they decode purl encoded by this dotnet implementation.
The text was updated successfully, but these errors were encountered:
As per purl specification, purl URL should conform to the URL definitions or specifications of rfc3986. Current implementation uses
WebUtility.UrlEncode()
andWebUtility.UrlDecode()
which does not follow rfc3986 specification.Example -
As here we can see the WebUtility.UrlEncode() encodes spaces as
+
but as per rfc3986 it should be encoded as%20
. If we look other implementations of purl (JAVA, JS) those implementations encode spaces as%20
. There's incompatibility with other implementations when they decode purl encoded by this dotnet implementation.The text was updated successfully, but these errors were encountered: