Description
Q: Is pattern regex checking applied before or after urlencoding (rfc3986)?
The OpenAPI spec allows pattern for properties which uses JSON Schema validation. When applying the JSON Schema logic to a JSON data structure this validation works fine. The spec also provides ability for allowReserved to permit rfc3986 2.2 reserved characters. This logic becomes confusing however when the parameter is in the query and needs to be url encoded.
My question is: does pattern need to list all possible raw user inputs (ie: unreserved & percent-encoded characters)? eg: is [0-4] considered the same as ([0-4]|%30|%31|%32|%33|%34)
Example: Take the following spec which provides /search?name=My Name:
paths:
/search:
get:
parameters:
- name: name
in: query
required: true
schema:
type: string
pattern: '^[A-Za-z]+\s[A-Za-z]+$'
Here the spec expects a whitespace delimited full name. As the parameter is a GET query parameter ' ' (space) will be encoded as %20, thus GET /search?name=My%20Name. ECMA regular expression fails to match My%20Name, but matches My Name after urldecoding.
Can someone please clarify the behaviour. How should the documentation be updated to articulate this behaviour?