'Are HTTP query string parameters and form field names containing dot (`.`) discouraged or prohibited in modern Web development?

I created a HTTP API endpoint for searching a database, it is used like this

GET /orders?created_by.name=John&delivery_estimate.start=2022-06-01

Our web frontend developer team claims that they are not able to use this API because all the existing React Material UI form libraries serialize form fields that contain dots in their names as nested object, i.e. a form having created_by.name and delivery_estimate.start fields will be serialized into

{"created_by": {"name": "John"}, {"delivery_estimate": {"start": "2022-06-01"}}

instead of

{"created_by.name": "John", "delivery_estimat.start": "2022-06-01"}

and there is absolutely no possibility to change that behavior. They strongly insist on changing the API, saying that mobile developers also most likely will not be able to use it for the same reason.

Question: are there any standards, recommendations or conventions on which printable ASCII characters shall or shall not be used in query string parameters or form field names? I was not able to find anything more credible than https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#form-submission-algorithm which does not pose any of such restrictions, but that's a pretty old document.



Solution 1:[1]

Full Stop (U+002E) is an element in the unreserved production rule defined by RFC 3986.

Therefore, the use of it in a resource identifier should be fine for any standard compliant HTTP component.

Local spelling conventions may restrict its use


Question: are there any standards, recommendations or conventions on which printable ASCII characters shall or shall not be used in query string parameters or form field names?

RFC 3986, Appendix A

If you are intending what HTML web forms be a mechanism for creating resource identifiers, then you will want to review the application/x-www-form-urlencoded standard to understand how characters may be encoded when copying form data into the query part of the URI.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 VoiceOfUnreason