Canonicalize("http://www.evil.com/blah#frag") = "http://www.evil.com/blah"; Canonicalize("http://evil.com/foo?bar;") = "http://evil.com/foo?bar;";
So fragments get dropped (as expected) but query params do not (also, in retrospect, what I'd expect to make it work at all...)
So https://news.ycombinator.com/reply?id=21254732 will not end up hashing "https://ycombinator.com", but the whole thing including the path and query string.
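Added example, not part of the comment above and not Google's code: a simplified Python sketch of the fragment-dropping, query-keeping canonicalization shown in the two `Canonicalize` cases. It goes beyond the comment by also listing the host-suffix/path-prefix expressions that the Safe Browsing v4 lookup scheme hashes with SHA-256. The function names are hypothetical, and percent-escape, port, userinfo and IP-address normalization are left out.

```python
import hashlib
from urllib.parse import urlsplit

def canonicalize(url):
    """Simplified: lowercase host, default path "/", keep query, drop fragment.
    Percent-escape, port, userinfo and IP-address handling are not implemented."""
    p = urlsplit(url)
    out = f"{p.scheme.lower()}://{p.hostname}{p.path or '/'}"
    if "?" in url.split("#", 1)[0]:      # keep the query string, even an empty one
        out += "?" + p.query
    return out

def expressions(url):
    """Host-suffix/path-prefix strings derived from the canonical URL (no scheme)."""
    p = urlsplit(canonicalize(url))
    labels = p.hostname.split(".")
    hosts = [p.hostname]
    # Up to four suffixes taken from the last five labels, never the bare TLD.
    for i in range(max(1, len(labels) - 5), len(labels) - 1):
        hosts.append(".".join(labels[i:]))
    # Exact path with query, exact path without it, then "/" plus up to
    # three leading directory prefixes, each with a trailing slash.
    paths = [f"{p.path}?{p.query}"] if p.query else []
    paths.append(p.path)
    prefix = "/"
    prefixes = [prefix]
    for seg in p.path.split("/")[1:-1][:3]:
        prefix += seg + "/"
        prefixes.append(prefix)
    paths += [x for x in prefixes if x not in paths]
    return [h + x for h in hosts for x in paths]

def hash_prefixes(url, n=4):
    """Map each expression to the first n bytes (hex) of its SHA-256 digest."""
    return {e: hashlib.sha256(e.encode()).digest()[:n].hex()
            for e in expressions(url)}

if __name__ == "__main__":
    # Constructed input: the URL from the comment with a fragment appended.
    url = "https://news.ycombinator.com/reply?id=21254732#x"
    for expr, prefix in hash_prefixes(url).items():
        print(prefix, expr)
```

Two URLs that differ only in the fragment yield identical expressions and hashes; changing the query changes only the expressions that include the query string.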