ublock href-sanitizer not working correctly as expected

[hurgir]

Prerequisites

• I verified that this is not a filter list issue. Report any issues with filter lists or broken website functionality in the uAssets issue tracker.
• This is NOT a YouTube, Facebook or Twitch report. These sites MUST be reported by clicking their respective links.
• This is not a support issue or a question. For support, questions, or help, visit /r/uBlockOrigin.
• I performed a cursory search of the issue tracker to avoid opening a duplicate issue.
• The issue is not present after disabling uBO in the browser.
• I checked the documentation to understand that the issue I am reporting is not normal behavior.

I tried to reproduce the issue when...

• uBO is the only extension.
• uBO uses default lists and settings.
• using a new, unmodified browser profile.

Description

ublock href-sanitizer scriplet does not show the desired behavior for links containing the % character in it. The same works as expected with the adguard addon and the filter rule.

A specific URL where the issue occurs.

https://forum.donanimhaber.com/mesaj/yonlen/159073416
https://forum.donanimhaber.com/mesaj/yonlen/159073515

Steps to Reproduce

1.add forum.donanimhaber.com##+js(href-sanitizer, a[href*="/ExternalLinkRedirect"][href*="url="], ?url) rule to my filters.
2.go to https://forum.donanimhaber.com/mesaj/yonlen/159073416
3.click on the amazon.com.tr link on the page

Expected behavior

direct access and opening of the desired site https://www.amazon.com.tr/Arzum-ARZUM-AR5029-ROSY-EP%C4%B0LAT%C3%96R/dp/B07F739SBS?language=tr_TR

Actual behavior

redirect to https://forum.donanimhaber.com/ExternalLinkRedirect?module=after-renderer-for-new-editor&messageId=159073416&url=https://www.amazon.com.tr/Arzum-ARZUM-AR5029-ROSY-EP%c4%b0LAT%c3%96R/dp/B07F739SBS

uBO version

1.58.0

Browser name and version

Brave 1.67.123 Chromium: 126.0.6478.126

Operating System and version

macOS Sonoma 14.5

[hurgir]

Hello, when I apply the rule

forum.donanimhaber.com##+js(href-sanitizer, a[href*="/ExternalLinkRedirect"][href*="url="], ?url)

and click on the link at this address: https://forum.donanimhaber.com/mesaj/yonlen/158899898, it redirects to https://www.temu.com/goods.html?_bg_fs=1 and truncates the rest of the link. However, the link in this message works as expected: https://forum.donanimhaber.com/mesaj/yonlen/158901348.
I noticed that the links which do not work correctly contain the word 'html'.

browser
Brave uBlock Origin development build
Version 1.58.1.103

[gorhill]

it redirects to https://www.temu.com/goods.html?_bg_fs=1

It's a site issue, it's not properly encoding the URL.

[hurgir]

I'm not sure if I should open a new issue, so I'm writing here instead.

1.Add the following filter: onual.com##+js(href-sanitizer, a[href*="https://zxro.com/u/"][href*="url="], ?url)
2.Visit the address: https://onual.com/fiyat/ltb-lacivert-kazak-011241601051219-301-001-p-1840974.html#fiyat=165&kullanici=95
3.Click on the "Ürüne Git" button.
uBlock Origin redirects to https://zxro.com/u/?url=https%3A%2F%2Fwww.n11.com%2Farama%3Fq%3DLtb+Lacivert+Kazak+011241601051219_301+001

The same page, when accessed with the AdGuard Chrome extension and applying the same filter rule, redirects as expected to https://www.n11.com/arama?q=Ltb%20Lacivert%20Kazak%20011241601051219_301%20001

[gorhill]

The URL parameter is not properly encoded by the website. The parameter value used is:

https%3A%2F%2Fwww.n11.com%2Farama%3Fq%3DLtb+Lacivert+Kazak+011241601051219_301+001

When properly encoded, it should have been:

https%3A%2F%2Fwww.n11.com%2Farama%3Fq%3DLtb%2520Lacivert%2520Kazak%2520011241601051219_301%2520001

[gorhill]

double-encoded spaces in your URL

Yes, because the URL is a parameter, it needs to go through encodeURIComponent. Just try at the console:

let realURL = new URL('https://www.n11.com/arama?q=Ltb Lacivert Kazak 011241601051219_301 001');
console.log(realURL.href);

let trackerURL = new URL('https://example.com/');
trackerURL.searchParams.set('url', realURL.href);
console.log(trackerURL.href);

Output:

https://www.n11.com/arama?q=Ltb%20Lacivert%20Kazak%20011241601051219_301%20001
https://example.com/?url=https%3A%2F%2Fwww.n11.com%2Farama%3Fq%3DLtb%2520Lacivert%2520Kazak%2520011241601051219_301%2520001