Lone % in query parts (was: Re: Clarifying the URL Standard goals)

On 2012/11/08 21:26, Julian Reschke wrote:
> On 2012-11-08 12:52, Anne van Kesteren wrote:
>> ...
>>> What do you mean by "a query with a lone "%" can be the output of the
>>> parser"? Does that mean that it is sent as such to the server? What do
>>> servers do with it? Would it hurt to escape it to %25? Or is that
>>> done in a
>>> later stage?
>>
>> Servers appear to not pay much attention to it. http://www.w3.org/?%
>> is an example. Escaping it to %25 seems dangerous compatibility wise.

I don't think http://www.w3.org/?% is a good example, because that page 
doesn't accept query parts at all. A better example would be a page that 
actually depends on a query part.

I just tested with http://www.google.com/?q=% and 
http://www.google.com/?q=%25.

On Opera, I get the same result (a page with "%" in the search box), but 
the difference in the address field stays. When requesting the actual 
search, the difference (% vs. %25) stays if I keep Javascript on. It 
disappears when I switch it off.

On Safari, an input of http://www.google.com/?q=% gets turned into 
http://www.google.com/?q=%25. As confirmed with Wireshark, the query 
leaves the browser as GET /?q=%25 HTTP/1.1. That means that Safari does 
convert the % to a %25.

Chrome behaves more like Opera. I didn't find a way to switch off 
JavaScript (maybe I didn't look long enough), but that part isn't at the 
core of what we are testing here.

Firefox is the same as Opera. IE also seems to be the same or similar.


> That's something we should test (and potentially eliminate) instead of
> making it mandatory.

Did you mean the above tests, or something else?

I'd definitely also like to see some tests on the server side. For 
example, what happens in Apache when it receives "%" vs. "%25"? What 
about other servers, frameworks, and so on.

Regards,   Martin.


>  > ...
>
> Best regards, Julian
>
>

Received on Tuesday, 13 November 2012 09:14:21 UTC