Menu
▾
▴
Re: [naviserver-devel] percent-encoded characters in URL
|
From: Gustaf N. <ne...@wu...> - 2021-08-25 07:36:28
|
Dear Wolfgang,
according to RFC 3986, the at-sign should not be encoded, neither in the
path segments, nor in the query components.
For querycomponents the right parameter for ns_urlencode is
ns_urlencode -part query a@b
The full query parameter pair should be encoded with
set pair [ns_urlencode -part query $key]=[ns_urlencode -part query $value]
RFC 3986 mentions explicitly the at-sign here:
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
query = *( pchar / "/" / "?" )
The JavaScript definition is rather vague about the meaning of a URI
component; the closest thing in the RFC are path segments and query
components. Since these two kind of components are defined differently
in RFC 3986, it is clear that encodeURIComponent() does not follow the
definition in RFC 3986. JavaScript has actually its own definition of
"Universal Resource Identifier Character Classes" (see Annex 7 in [1]),
which encodes more than necessary (probably JavaScript does not want to
release a new version whenever the RFC is updated). The document states
as well that the syntax of Uniform Resource Identifiers is based upon
RFC 2396 (sect 18.2.6.1.2)
/This syntax of Uniform Resource Identifiers is based upon RFC 2396
and does not reflect the more recent RFC 3986 which replaces RFC
2396. A formal description and implementation of UTF-8 is given in
RFC 3629./
On an other place (section B.2.1.1, definition of escape), it states:
/The encoding is partly based on the encoding described in RFC 1738,
but the entire encoding specified in this standard is described
above without regard to the contents of RFC 1738. This encoding does
not reflect changes to RFC 1738 made by RFC 3986./
An encoding-set agnostic percent decoder decodes everything, so this
works in practice. No recent web software should have problems with
standard-compliant URIs, as produced by NaviServer.
Why are you asking?
all the best
-gn
[1]
https://262.ecma-international.org/9.0/#sec-universal-resource-identifier-character-classes
On 25.08.21 08:21, Wolfgang Winkler via naviserver-devel wrote:
>
> Dear List!
>
> When using ns_urlencode, I've noticed, that the "@" sign will not be
> percent encoded, unless "-part oauth1" is stated:
>
> ns_urlencode te...@te...
> te...@te...
>
> ns_urlencode -part oauth1 te...@te...
> test%40test.com
>
> What is the correct way to encode URL params, e.g. in
>
> http://test.com/register/login?email=te...@te...
>
> In Javascript (Chrome + Firefox)
>
> encodeURIComponent("te...@te...");
>
> yields
>
> "test%40test.com"
>
> This is should be the RFC for this topic:
>
> https://datatracker.ietf.org/doc/html/rfc3986#section-2.3
>
> Yours,
>
> Wolfgang
>
> --
>
> *Wolfgang Winkler*
> Geschäftsführung
> wol...@di...
> mobil +43.699.19971172
>
> dc:*büro*
> digital concepts Novak Winkler OG
> Software & Design
> Landstraße 68, 5. Stock, 4020 Linz
> www.digital-concepts.com <http://www.digital-concepts.com>
> tel +43.732.997117.72
> tel +43.699.1997117.2
>
> Firmenbuchnummer: 192003h
> Firmenbuchgericht: Landesgericht Linz
>
>
>
>
> _______________________________________________
> naviserver-devel mailing list
> nav...@li...
> https://lists.sourceforge.net/lists/listinfo/naviserver-devel
--
Univ.Prof. Dr. Gustaf Neumann
Head of the Institute of Information Systems and New Media
of Vienna University of Economics and Business
Program Director of MSc "Information Systems"
|
