- From: Richard Gibson <notifications@github.com>
- Date: Fri, 20 Oct 2017 09:00:06 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 20 October 2017 16:00:29 UTC
To be honest, I gave up on this specification after https://github.com/whatwg/url/issues/87#issuecomment-257250866 , which explicitly rejects RFC 3986 [Normalization and Comparison](https://tools.ietf.org/html/rfc3986#section-6) and ostensibly allows servers to treat `/-` vs. `/%2D` vs. `/%2d` as distinct. Such a position is impractical (since "comparison methods are designed to minimize false negatives while strictly avoiding false positives"), but also basically impossible to implement in a world where middleboxes _do_ use [syntax-based](https://tools.ietf.org/html/rfc3986#section-6.2.2) and [scheme-based](https://tools.ietf.org/html/rfc3986#section-6.2.3) normalization for equivalence comparison. The problem could be fixed by defining normalization, which should include specifying a [model](https://github.com/whatwg/url/issues/87#issuecomment-255510163) for addressing invalid input like `/%%2d%2d%3f` (e.g., `/%25--%3F` or `%25%252d-%3F` or `%25%252d%252d%253f` or …), but given an express desire to avoid that I think it's dead in the water. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/118#issuecomment-338248748
Received on Friday, 20 October 2017 16:00:29 UTC