'#' and '&' characters in the SEED parameter cause random data generation (V1.3)
Closed this issue · 2 comments
I was testing different seed values and combinations of characters, double checking that same data is generated each time.
I found that "#" and "&" characters tend to act as string terminators, and if used on their own, generate data as if no seed is present.
Placing one of these characters in the middle of the seed string, produces consistent data values, but the seed in the "info" object only takes into consideration the characters "#"/"&".
To recreate, include seed parameter and give it a value containing either of the characters such as:
- https://randomuser.me/api/?seed=<sp_char>
or - https://randomuser.me/api/?seed=<"string"><sp_char><"string">
Screenshots are attached.
If we search for "safe url characters" you may find out that Alphanumerics [0-9a-zA-Z], and some special characters like $-_.+!*'() are acceptable in Url and are considered "safe" to use. Also ASCII control characters and Non ASCII can also be used but have to be encoded. Aside from those, we have some Reserved Characters : ; / ? : @ = & and finally Unsafe cahracters: Includes the blank/empty space and " < > # % { } | \ ^ ~ [ ] .
What you've used here are Reserved Character - & which is used to append a queryParam and and Unsafe "#" which in modern single page front-end applications like Angular, React etc. indicates to browser that it should not make API calls after # and everything after "#" symbol is for internal (Angular, React etc.) router to load javascript pages (This is called a Hash location strategy).
And to be honest with you, I really can't find a usecase why would you possibly use # or & (aside from queryparams) in a request.
@vmuresanu Thanks for your reply! I have considered that this may be the case, and have tested the other query parameter chars (all of which worked). For this reason I thought that there may have been a missed case with the "#" and "&".