[Prev][Next][Index][Thread]

Re: Encoding the form-urlencoded Media Type



In message <9508140926.AA12867@venus.sirius.com>, "Eric P. Scott" writes:
>draft-ietf-html-spec-05.txt (August 8, 1995) section 8.2.1 says:
>
>        1. The form field names and values are escaped: space
>        characters are replaced by `+', and then reserved characters
>        are escaped as per [URL]; that is, non-alphanumeric
>
>[My copy of RFC 1738 is dated December 1994!]
Good catch.


>I'm confused about the meaning of "reserved" in this context, or
>on exactly how much of [URL] is being incorporated by reference
>here--is it just the %HH encoding?

Yes.

>  I think the desired behavior
>is to encode space characters as `+'

yes.

> and `+' characters as %2B

no. Why?

>(note that [URL] considers `+' "safe!").

Exactly. + shouldn't be encoded, I believe.

>  Looking at the just-
>released-to-the-public W3C WWWLibrary, HTEscape.c appears to let
>"-._" pass unencoded, but not the "safe" `$'; the "extra" `*' is
>O.K., yet none of its peers are.

This is a defect in WWWLibrary. I believe henrik already knows
about this. I'll copy www-lib@w3.org on this just in case.


>I think we're all in agreement that alphanumerics don't need to
>be encoded.  Nowhere else in draft-ietf-html-spec-05.txt is
>there any mention of what constitute "reserved characters," but
>it seems that [URL]'s definition isn't applicable,

Why not? I believe [URL]'s definition is applicable. Hmmm...
it may be updated by [RELURL]. Roy?

> yet the
>reference implementation doesn't limit itself to strict
>alphanumerics either.

As I said, this is a bug. I'm pretty sure it's a known bug.

Dan