W3C home > Mailing lists > Public > www-talk@w3.org > July to August 2004

% escaping of characters like @ in the http query string

From: Agnieszka Szczurowska R (TX/EUS) <agnieszka.r.szczurowska@ericsson.com>
Date: Tue, 3 Aug 2004 17:47:07 -0500
Message-ID: <EFE4009159F56D45A2CFF0DCB899514E092DD437@eamrcnt747.exu.ericsson.se>
To: www-talk@w3.org

Hi,

I have a question about http URL schema and even though it seems simple I cannot find a concrete answer from http related RFCs.

My question: Are characters like @ and : supposed to be escaped within http query string of GET requests?

My analysis:

1) I read RFC 2068 (specifically sections 3.2 and 5.1) and as far as BNF of Request-URI they refer to RFC 2396.


2) I read RFC 2396, which is a generic RFC for URI, not specific to HTTP. BNF for query is defined as following:
query = *uric 
uric = reserved | unreserved | escaped 
reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | "," 
unreserved = alphanum | mark 
mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" 
escaped = "%" hex hex 

According to the above BNF, @ and : are reserved characters and should be escaped in the following query string if not used for what they were reserved for:

GET /script?owner=sip%3A12145836201%40imsp.net&action=get_attributes HTTP/1.1


3) HOWEVER, previous version of RFC 2396, RFC 1738, specified in HTTP specific section 3.3 that only 4 characters: / ; , ? are reserved for query in http URL. RFC 2396 also specifies that schema specific parts of RFC 1738 would become separate documents. I can find separate documents for other schemas, but not for HTTP directly.

It seems like accordingly to old RFC 1738, @ and : would not have to be escaped and the query string would look like:
GET /script?owner=sip:12145836201@imsp.net&action=get_attributes HTTP/1.1

What are these characters reserved for in the http schema?

------>>>
The reason I am asking this is that I encountered a server that rejects requests with unescaped @ character in query strings. Should any server do that? After reading some of discussions in this forum it looks to me that if the originator of the request did not escape this characters then they are used for some reserved purpose and the server's parser should allow them as they are.
------>>>


I would really appreciate your help, since I have exhausted all known to me documentation provided by w3.
Thank you.

Best Regards,
Agnieszka Szczurowska

Ericsson Inc.
Internet Protocol Multimedia  Solutions Integration
Software Engineer
Received on Tuesday, 3 August 2004 18:47:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 October 2010 18:14:28 GMT