Values provided to WebAuthenticatorResult as an Uri are not properly url decoded

[fredericDelaporte]

Description

Values provided to WebAuthenticatorResult as an Uri are not properly url decoded.

Steps to Reproduce

1. Use WebAuthenticator.AuthenticateAsync to navigate to some authentication endpoint which callback uri has a querystring with parameter values requiring url encoding, such as "some message & stuff". So the callback url will contain a parameter like msg=some+message+%26+stuff or msg=some%20message%20%26%20stuff, depending on the used encoding algorithm.
2. Get the parameter value from the WebAuthenticatorResult.Get method.

Expected Behavior

Yield a properly decoded value: some message & stuff.

Actual Behavior

Yield a value still url encoded: some+message+%26+stuff.

Basic Information

• Version with issue: Likely all since the feature exist. At least current source code and 1.7.5
• Last known good version: None I know of.
• IDE: VS 2022
• Platform Target Frameworks:
  • iOS: 10.0
  • Android: 13.0
  • UWP: not used
• Nuget Packages: Xamarin.Essentials
• Affected Devices: all

Involved code

Essentials/Xamarin.Essentials/Types/Shared/WebUtils.shared.cs

Lines 11 to 43 in 6ec2124

	internal static IDictionary<string, string> ParseQueryString(string url)
	{
	var d = new Dictionary<string, string>();
	if (string.IsNullOrWhiteSpace(url) || (!url.Contains("?") && !url.Contains("#")))
	return d;
	var qsStartIndex = url.IndexOf('?');
	if (qsStartIndex < 0)
	qsStartIndex = url.IndexOf('#');
	if (url.Length - 1 < qsStartIndex + 1)
	return d;
	var qs = url.Substring(qsStartIndex + 1);
	var kvps = qs.Split('&');
	if (kvps == null || !kvps.Any())
	return d;
	foreach (var kvp in kvps)
	{
	var pair = kvp.Split(new char[] { '=' }, 2);
	if (pair == null || pair.Length != 2)
	continue;
	d[pair[0]] = pair[1];
	}
	return d;
	}

This code does not parse properly a querystring. Parameters values (but also keys) should be Url decoded, otherwise the parsing is incomplete. System.Net.WebUtility.UrlDecode could do it adequately, if called on extracted keys and values.

Or extract properly the querystring (currently an uri with both a querystring and a hash will have the last querystring parameter value corrupted by appending it with the hash until the next thing looking like a new parameter, which is another latent bug), then call System.Web.HttpUtility.ParseQueryString on it. (But is System.Web an acceptable dependency?)

This said, fixing this may be a possible breaking change.