Re: [check] Bug 66

* Nick Kew <> wrote:
>  The bug report seems to me to be in error.  Or, more specifically, it
>  hinges  on whether unescaped ö is allowed in a QUERY_STRING.  It may be
>  unsafe(?), but is AFAICS nevertheless legal, so ISTM SP is working
>  correctly, and the bug is in the serverside script.

>  If someone can convince me otherwise, I could patch it fairly easily to
>  escape 8-bit URIs, but I fear that could introduce serious bugs when
>  working with a 16-bit charset.  So at the very least I'd have to ask on
>  openjade-devel.
>Björn is basically saying that OpenSP should have escaped the first URL
>to the second.  AFAICS it would not be wrong to do so, but neither is
>it required.  Who is right?

I am :-) See section 4.2.2 of XML 1.0,

  * Each disallowed character is converted to UTF-8 [IETF RFC 2279] as
    one or more bytes.

  * Any octets corresponding to a disallowed character are escaped with
    the URI escaping mechanism (that is, converted to %HH, where HH is
    the hexadecimal notation of the byte value).

  * The original character is replaced by the resulting character

This is a MUST.

Received on Wednesday, 4 December 2002 14:16:12 UTC