Re: Query String format still undefined ? from Agnieszka Szczurowska R (TX/EUS) on 2004-07-22 (ietf-http-wg@w3.org from July to September 2004)

From: Agnieszka Szczurowska R (TX/EUS) <agnieszka.r.szczurowska@ericsson.com>
Date: Thu, 22 Jul 2004 11:44:33 -0400 (EDT)
To: "'jamie@shareable.org'" <jamie@shareable.org>, "'ietf-http-wg@w3.org'" <ietf-http-wg@w3.org>
Message-ID: <EFE4009159F56D45A2CFF0DCB899514E092DD3DC@eamrcnt747.exu.ericsson.se>

Hi,

I read your reply to Stephan Hesmer's question about BNF of query string. Your message was very informative. I have a question though about your Generating query strings section: what references did you use for these summaries? I am especially interested in:
 "/", ":", "@", "$" and "," should be %-escaped, as these are the other "reserved" characters of generic URI syntax, although they aren't reserved in this context. Most (perhaps all) servers accept these without %-escaping, but it is sensible to do so. "/" is significant because some old relative URI resolvers don't behaviour properly if this appears in a query string. 
section. This would be an excellent answer to my question below. I need to submit a bug on one of the servers we are using, but need to base my answer on standards.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I have a question about http URL schema and even though it seems simple I cannot find a concrete answer from http related RFCs.

My question: Are characters like @ and : supposed to be escaped within http query string of GET requests?

My analysis:

1) I read RFC 2068 (specifically sections 3.2 and 5.1) and as far as BNF of Request-URI they refer to RFC 2396.


2) I read RFC 2396, which is a generic RFC for URI, not specific to HTTP. BNF for query is defined as following:
query = *uric 
uric = reserved | unreserved | escaped 
reserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | "," 
unreserved = alphanum | mark 
mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" 
escaped = "%" hex hex 
According to the above BNF, @ and : are reserved characters and should be escaped in the following query string if not used for what they were reserved for:

GET /script?owner=sip%3A12145836201%40imsp.net&action=get_attributes HTTP/1.1


3) HOWEVER, previous version of RFC 2396, RFC 1738, specified in HTTP specific section 3.3 that only 4 characters: / ; , ? are reserved for query in http URL. RFC 2396 also specifies that schema specific parts of RFC 1738 would become separate documents. I can find separate documents for other schemas, but not for HTTP directly.

It seems like accordingly to old RFC 1738, @ and : would not have to be escaped and the query string would look like:
GET /script?owner=sip:12145836201@imsp.net&action=get_attributes HTTP/1.1

I would really appreciate your help, since I have exhausted all known to me documentation provided by w3.
Thank you.

Best Regards,
Agnieszka Szczurowska

Ericsson Inc.
Internet Protocol Multimedia  Solutions Integration

Received on Friday, 23 July 2004 05:54:18 UTC