- From: Henri Sivonen <notifications@github.com>
- Date: Wed, 07 Aug 2024 22:56:04 -0700
- To: whatwg/url <url@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/url/issues/815/2275009761@github.com>
A couple of updates: First, Gecko no longer needs to allow `%` in general, since there's now a Thunderbird/SeaMonkey-specific hack that permits two specific pseudo host names for which the percent issue was relevant. (I've been told at least one of these pseudo hosts comes from the 1990s.) Second, the remaining Gecko deviation from the spec is that Gecko prohibits `*` and `"` in domain names in URLs. The most significant remaining reason is that those are the characters that are [prohibited in file/directory names on Windows](https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file) but are allowed in domains by the URL Standard. I suspect that there might be more software that wishes to be able to create a directory whose name is a domain name taken from a URL on Windows, and allowing `*` and `"` on the URL level is going to lead to inconvenient results in more software than just Gecko. Additionally, there exists an example in the Web Platform that expects the asterisk not to be part of the normal domain name value space so that it's legitimate to use it as a wild card: wild card certificates. There are _other_ things that deal with origins and explicitly _don't_ allow wild cards. Prohibiting `*` in domain names has the useful property that it's legitimate to reject `https://*.example.org/` when someone tries to use it as a wild card origin in a place that does not actually support wild cards. Does URL really need to allow `*` and `"` in domain names? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/url/issues/815#issuecomment-2275009761 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/url/issues/815/2275009761@github.com>
Received on Thursday, 8 August 2024 05:56:08 UTC