W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: HTTP 1.0 & 1.1 URL safe characters conflict with HTML?

From: Peter J Churchyard <pjc@trusted.com>
Date: Thu, 8 Feb 1996 16:24:24 -0500 (EST)
Message-Id: <9602082124.AA05554@hilo.trusted.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
I think there is room for a GOOD document that truely describes what
can appear in an href,src,action value. HTML 2.0 implies
	href=URI

Where URI may be quoted. I often see 'html' with blanks in the URI un-encoded.
This is in conflict with the URI spec. More recently, I have seen
	href="some odd substitution stuff" where the document is obviously
going to be processed by the client so that the URI is dynamic. (Seen in
some JAVA pages) Now the stuff between the quotes in no way is a URI. So
currently I tell users that the original 'html' was broke...

What also is needed is a good document describing the correct way to 
escape all characters that cgi-scripts may want to output as part of a URI.

I treat %xx and y as same  if xx is hex of y and y is a safe char. That is
I translate %xx to y since there is no need for it to be specified as %xx. I
have noticed that + is one of the characters that this is done with.

As a proxy writer I want the proxy to only pass 'correct' URIs since the
proxy allows URIs to be filtered, logged, denied or permitted depending on
a number of things.

Pete.
-- 
The TIS Network Security Products Group has moved!
voice: 301-527-9500 x123 fax: 301-527-0482
2277 Research Boulevard, 5th Floor, Rockville, MD 20850
Received on Thursday, 8 February 1996 13:30:05 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:44 EDT