From e00c27c7083660eeee8a4945646d687680ba3ee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bottazini?= <aurelien.bottazini@gmail.com>
Date: Fri, 6 Aug 2021 16:08:20 +0200
Subject: [PATCH 1/3] Add support for encoding lowercase / (%2f) and ampersand
 (%26)

Add specs for ? (%3f)
---
 src/encoding.ts        | 8 ++++++--
 test/normalize.test.ts | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/encoding.ts b/src/encoding.ts
index a4385540..25f4932a 100644
--- a/src/encoding.ts
+++ b/src/encoding.ts
@@ -18,7 +18,7 @@ const ENC_CURLY_OPEN_RE = /%7B/g // {
 const ENC_PIPE_RE = /%7C/g // |
 const ENC_CURLY_CLOSE_RE = /%7D/g // }
 const ENC_SPACE_RE = /%20/g
-const ENC_SLASH_RE = /%2F/g
+const ENC_SLASH_RE = /%2F/gi
 const ENC_ENC_SLASH_RE = /%252F/g
 
 /**
@@ -87,7 +87,11 @@ export function encodeQueryKey (text: string | number): string {
  * @returns encoded string
  */
 export function encodePath (text: string | number): string {
-  return encode(text).replace(HASH_RE, '%23').replace(IM_RE, '%3F').replace(ENC_ENC_SLASH_RE, '%2F')
+  return encode(text)
+           .replace(HASH_RE, '%23')
+           .replace(IM_RE, '%3F')
+           .replace(ENC_ENC_SLASH_RE, '%2F')
+           .replace(AMPERSAND_RE, '%26')
 }
 
 /**
diff --git a/test/normalize.test.ts b/test/normalize.test.ts
index cfff187a..3bff42df 100644
--- a/test/normalize.test.ts
+++ b/test/normalize.test.ts
@@ -29,7 +29,8 @@ describe('normalizeURL', () => {
     'http://localhost/?redirect=http://google.com?q=test': 'http://localhost/?redirect=http://google.com?q=test',
     'http://localhost/?email=some+v1@email.com': 'http://localhost/?email=some+v1@email.com',
     'http://localhost/?email=some%2Bv1%40email.com': 'http://localhost/?email=some%2Bv1@email.com',
-    'http://localhost/abc/deg%2F%2Ftest?email=some+v1@email.com': 'http://localhost/abc/deg%2F%2Ftest?email=some+v1@email.com'
+    'http://localhost/abc/deg%2F%2Ftest?email=some+v1@email.com': 'http://localhost/abc/deg%2F%2Ftest?email=some+v1@email.com',
+    'http://localhost/abc/deg%2f%3f%26test?email=some+v1@email.com': 'http://localhost/abc/deg%2F%3F%26test?email=some+v1@email.com'
   }
 
   const validURLS = [

From 8f0016fef7b087408437c73ff676a9914c942ad3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bottazini?= <aurelien.bottazini@gmail.com>
Date: Fri, 6 Aug 2021 16:49:38 +0200
Subject: [PATCH 2/3] Add spec to verify that & is not encoded inside query

---
 test/normalize.test.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/normalize.test.ts b/test/normalize.test.ts
index 3bff42df..b27d0ef6 100644
--- a/test/normalize.test.ts
+++ b/test/normalize.test.ts
@@ -30,7 +30,7 @@ describe('normalizeURL', () => {
     'http://localhost/?email=some+v1@email.com': 'http://localhost/?email=some+v1@email.com',
     'http://localhost/?email=some%2Bv1%40email.com': 'http://localhost/?email=some%2Bv1@email.com',
     'http://localhost/abc/deg%2F%2Ftest?email=some+v1@email.com': 'http://localhost/abc/deg%2F%2Ftest?email=some+v1@email.com',
-    'http://localhost/abc/deg%2f%3f%26test?email=some+v1@email.com': 'http://localhost/abc/deg%2F%3F%26test?email=some+v1@email.com'
+    'http://localhost/abc/deg%2f%3f%26?email=some+v1@email.com&foo=bar': 'http://localhost/abc/deg%2F%3F%26?email=some+v1@email.com&foo=bar'
   }
 
   const validURLS = [

From 2ad32615c5d2cd8e82657dfaa81bf8ea773685c6 Mon Sep 17 00:00:00 2001
From: Pooya Parsa <pyapar@gmail.com>
Date: Tue, 17 Aug 2021 19:17:51 +0200
Subject: [PATCH 3/3] fix: handle case for other encoding regexes

---
 src/encoding.ts | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/src/encoding.ts b/src/encoding.ts
index 25f4932a..8682cfa6 100644
--- a/src/encoding.ts
+++ b/src/encoding.ts
@@ -10,16 +10,16 @@ const EQUAL_RE = /=/g // %3D
 const IM_RE = /\?/g // %3F
 const PLUS_RE = /\+/g // %2B
 
-const ENC_BRACKET_OPEN_RE = /%5B/g // [
-const ENC_BRACKET_CLOSE_RE = /%5D/g // ]
-const ENC_CARET_RE = /%5E/g // ^
-const ENC_BACKTICK_RE = /%60/g // `
-const ENC_CURLY_OPEN_RE = /%7B/g // {
-const ENC_PIPE_RE = /%7C/g // |
-const ENC_CURLY_CLOSE_RE = /%7D/g // }
-const ENC_SPACE_RE = /%20/g
+const ENC_BRACKET_OPEN_RE = /%5B/gi // [
+const ENC_BRACKET_CLOSE_RE = /%5D/gi // ]
+const ENC_CARET_RE = /%5E/gi // ^
+const ENC_BACKTICK_RE = /%60/gi // `
+const ENC_CURLY_OPEN_RE = /%7B/gi // {
+const ENC_PIPE_RE = /%7C/gi // |
+const ENC_CURLY_CLOSE_RE = /%7D/gi // }
+const ENC_SPACE_RE = /%20/gi
 const ENC_SLASH_RE = /%2F/gi
-const ENC_ENC_SLASH_RE = /%252F/g
+const ENC_ENC_SLASH_RE = /%252F/gi
 
 /**
  * Encode characters that need to be encoded on the path, search and hash
@@ -88,10 +88,10 @@ export function encodeQueryKey (text: string | number): string {
  */
 export function encodePath (text: string | number): string {
   return encode(text)
-           .replace(HASH_RE, '%23')
-           .replace(IM_RE, '%3F')
-           .replace(ENC_ENC_SLASH_RE, '%2F')
-           .replace(AMPERSAND_RE, '%26')
+    .replace(HASH_RE, '%23')
+    .replace(IM_RE, '%3F')
+    .replace(ENC_ENC_SLASH_RE, '%2F')
+    .replace(AMPERSAND_RE, '%26')
 }
 
 /**