Form GET key square brackets encoded upon form submission

Question

When I submit my form my square brackets end up encoded in the url like this: http://example.com/myurl?key%5B%5D=something

I'm checking the nginx access.log to see if I can see anything weird in there, but it's just the same, single request that's logged for http://example.com/myurl?key%5B%5D=something as well (which makes me think no rewriting is causing this).

What else could be causing this? Can't say I've ever had this happening before.

Tested this in both chrome and Edge, both same result.

Answer 1

What else could be causing this?

The browser.

From the HTML spec:

If the byte is in the range 0x2A, 0x2D, 0x2E, 0x30 to 0x39, 0x41 to 0x5A, > 0x5F, 0x61 to 0x7A
Leave the byte as is.

[ and ] are U+005B : LEFT SQUARE BRACKET and U+005D : RIGHT SQUARE BRACKET, so they aren't in that range.

Otherwise

1. Let s be a string consisting of a U+0025 PERCENT SIGN character (%) followed by uppercase ASCII hex digits representing the hexadecimal value of the byte in question (zero-padded if necessary).
2. Encode the string s as US-ASCII, so that it is now a byte string.
3. Replace the byte in question in the name or value being processed by the bytes in s, preserving their relative order.

So they get replaced by %5B and %5D