- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Wed, 04 Dec 2002 20:16:39 +0100
- To: public-qa-dev@w3.org
- Cc: nick@webthing.com
* Nick Kew <nick@webthing.com> wrote:
> The bug report seems to me to be in error. Or, more specifically, it
> hinges on whether unescaped ö is allowed in a QUERY_STRING. It may be
> unsafe(?), but is AFAICS nevertheless legal, so ISTM SP is working
> correctly, and the bug is in the serverside script.
> If someone can convince me otherwise, I could patch it fairly easily to
> escape 8-bit URIs, but I fear that could introduce serious bugs when
> working with a 16-bit charset. So at the very least I'd have to ask on
> openjade-devel.
>
>Björn is basically saying that OpenSP should have escaped the first URL
>to the second. AFAICS it would not be wrong to do so, but neither is
>it required. Who is right?
I am :-) See section 4.2.2 of XML 1.0,
http://www.w3.org/TR/REC-xml#dt-sysid
[...]
* Each disallowed character is converted to UTF-8 [IETF RFC 2279] as
one or more bytes.
* Any octets corresponding to a disallowed character are escaped with
the URI escaping mechanism (that is, converted to %HH, where HH is
the hexadecimal notation of the byte value).
* The original character is replaced by the resulting character
sequence.
[...]
This is a MUST.
Received on Wednesday, 4 December 2002 14:16:12 UTC