From b1a8e1e5b2da8c196519f618c892049ed5f311a0 Mon Sep 17 00:00:00 2001
From: florin <30274513+cyclecraze@users.noreply.github.com>
Date: Sun, 30 Aug 2020 13:09:12 -0400
Subject: [PATCH] vweb: escape form key, not only value. (#6269)

---
 vlib/vweb/vweb.v | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/vlib/vweb/vweb.v b/vlib/vweb/vweb.v
index 8c5859db23..756d4c7907 100644
--- a/vlib/vweb/vweb.v
+++ b/vlib/vweb/vweb.v
@@ -494,7 +494,9 @@ fn (mut ctx Context) parse_form(s string) {
 		}
 		keyval := word.trim_space().split('=')
 		if keyval.len != 2 { continue }
-		key := keyval[0]
+		key := urllib.query_unescape(keyval[0]) or {
+			continue
+		}
 		val := urllib.query_unescape(keyval[1]) or {
 			continue
 		}