
Default url encoding/escaping on url parameters (encodeURIComponent)

Open reinier-vegter opened this issue 6 months ago • 2 comments

Is your feature request related to a problem? Please describe.

First of all, in the brief time frame I had, I wasn't able to work with the unit tests to verify this. That said, after reviewing some code of this lib in the context of another project, I found that it seems that URL path parameters are not encoded at all in createClient().

E.g. making a call to /todo/{id} implies URL injection by means of id, while initially I would expect the lib to take care of that, given the use of url/query/body/json builders and all the schema validation and typing provided.

To the devs around me this isn't fully clear and potentially poses security issues.

Describe the solution you'd like

By default, apply encodeURIComponent() to all param values. Optionally make it configurable per instance to use encodeURI() instead, or disable encoding altogether.

Describe alternatives you've considered

Have devs apply encoding on all param values, but it's very error prone and leads to lots of unnecessary discussions.

Additional context ..

reinier-vegter (Jul 08 '25 15:07)
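To make the concern in the report concrete, here is an added example (not feTS code, and not written by the reporter or the maintainers) showing what happens when a path parameter is spliced into a route template raw versus after encodeURIComponent(). The helpers buildPathUnsafe, buildPath, buildQuery and demo are hypothetical, written for this example only; the hostile id value is constructed.

```javascript
// Added example, not part of feTS. Hypothetical helpers to illustrate
// path-parameter encoding; buildPathUnsafe is the flawed "before" form.

function buildPathUnsafe(template, params) {
  // Naive interpolation: the raw value is spliced straight into the path,
  // so '/', '?', '#' and '..' in the value can rewrite the request target.
  return template.replace(/\{(\w+)\}/g, (_, name) => String(params[name]));
}

function buildPath(template, params) {
  // Each path-segment value is percent-encoded as a single segment.
  // encodeURIComponent escapes '/', '?', '#', '=' and '&', so the value can
  // no longer cross a segment boundary or start a query/fragment.
  return template.replace(/\{(\w+)\}/g, (_, name) => {
    if (!(name in params)) throw new Error(`missing path param: ${name}`);
    return encodeURIComponent(String(params[name]));
  });
}

function buildQuery(params) {
  // Query parameters are a separate concern; URLSearchParams form-encodes
  // both keys and values (spaces become '+', '&' becomes '%26').
  const q = new URLSearchParams();
  for (const [k, v] of Object.entries(params)) q.set(k, String(v));
  const s = q.toString();
  return s ? `?${s}` : '';
}

// Constructed attacker-controlled id (not taken from the issue).
const hostileId = '../admin?role=owner#x';

function demo(base = 'https://api.example.test') {
  // Resolve both variants against the same base the way a fetch() call would.
  const unsafe = new URL(buildPathUnsafe('/todo/{id}', { id: hostileId }), base);
  const safe = new URL(buildPath('/todo/{id}', { id: hostileId }), base);
  return {
    unsafePath: unsafe.pathname,  // '/admin': the '..' climbed out of /todo/
    unsafeQuery: unsafe.search,   // '?role=owner': injected query string
    safePath: safe.pathname,      // '/todo/..%2Fadmin%3Frole%3Downer%23x'
    safeQuery: safe.search,       // '': nothing leaked into the query
  };
}
```

One caveat on the proposed encodeURI() option: encodeURI() deliberately leaves '/', '?', '#', '=' and '&' unencoded, so applying it to a single path value would not prevent the segment-crossing and query injection shown above; it is only appropriate for a value that is already a complete URL.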

We use qs to handle params; https://github.com/ardatan/feTS/blob/master/packages/fets/src/client/createClient.ts#L223 We can maybe expose the options of that to allow users to modify it. PRs are welcome!

ardatan (Jul 08 '25 15:07)

I should have clarified this, but I meant this.

edit: checked qs, that lib is doing it fine 👍

reinier-vegter (Jul 09 '25 10:07)