
Re: [check] Bug 66

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Wed, 04 Dec 2002 20:16:39 +0100
To: public-qa-dev@w3.org
Cc: nick@webthing.com
Message-ID: <3df65378.4227518@smtp.bjoern.hoehrmann.de>

* Nick Kew <nick@webthing.com> wrote:
>  The bug report seems to me to be in error.  Or, more specifically, it
>  hinges on whether unescaped ö is allowed in a QUERY_STRING.  It may be
>  unsafe(?), but is AFAICS nevertheless legal, so ISTM SP is working
>  correctly, and the bug is in the serverside script.

>  If someone can convince me otherwise, I could patch it fairly easily to
>  escape 8-bit URIs, but I fear that could introduce serious bugs when
>  working with a 16-bit charset.  So at the very least I'd have to ask on
>  openjade-devel.
>
>Björn is basically saying that OpenSP should have escaped the first URL
>to the second.  AFAICS it would not be wrong to do so, but neither is
>it required.  Who is right?

I am :-) See section 4.2.2 of XML 1.0,
http://www.w3.org/TR/REC-xml#dt-sysid

[...]
  * Each disallowed character is converted to UTF-8 [IETF RFC 2279] as
    one or more bytes.

  * Any octets corresponding to a disallowed character are escaped with
    the URI escaping mechanism (that is, converted to %HH, where HH is
    the hexadecimal notation of the byte value).

  * The original character is replaced by the resulting character
    sequence.
[...]

This is a MUST.
Received on Wednesday, 4 December 2002 14:16:12 GMT
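
Added example, not part of the archived message and not OpenSP's code: the three escaping steps quoted above from XML 1.0 section 4.2.2, plus a contrast function that escapes the octets of some other encoding to show how the result differs. The disallowed-character set, the function names and the sample URL are assumptions; the message does not list them.

```python
# ASSUMPTION: the disallowed set (non-ASCII, plus the RFC 2396 "excluded"
# characters other than '#', '%', '[' and ']') is not quoted in the message;
# it is this example's reading of the XML 1.0 text of that period.
_DISALLOWED_ASCII = frozenset(
    [chr(c) for c in range(0x00, 0x21)]  # C0 controls and space
    + ["\x7f", "<", ">", '"', "{", "}", "|", "\\", "^", "`"]
)


def is_disallowed(ch):
    return ord(ch) > 0x7F or ch in _DISALLOWED_ASCII


def _escape(system_id, encoding):
    out = []
    for ch in system_id:
        if is_disallowed(ch):
            # Step 1: character -> octets; step 2: each octet -> %HH;
            # step 3: the sequence replaces the original character.
            out.append("".join("%%%02X" % b for b in ch.encode(encoding)))
        else:
            out.append(ch)  # '%' is kept, so existing escapes survive
    return "".join(out)


def escape_system_id(system_id):
    """Escaping as quoted in the message: octets are always UTF-8."""
    return _escape(system_id, "utf-8")


def escape_with_document_encoding(system_id, encoding):
    """Contrast only: escapes the octets of `encoding` instead of UTF-8."""
    return _escape(system_id, encoding)


# Constructed sample input (hypothetical host and path).
SAMPLE = "http://example.org/cgi-bin/test?name=Bj\u00f6rn"

if __name__ == "__main__":
    print(escape_system_id(SAMPLE))
    print(escape_with_document_encoding(SAMPLE, "iso-8859-1"))
    print(escape_with_document_encoding(SAMPLE, "utf-16-be"))
```

Because the quoted steps work on characters and always go through UTF-8, the escaped form is the same whatever encoding the document was stored in; a receiving script has to decode the %HH octets as UTF-8.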
