httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dean gaudet <dgaudet-list-new-ht...@arctic.org>
Subject Re: escaping/unescaping nits
Date Fri, 23 Feb 2001 20:57:18 GMT
On Sat, 17 Feb 2001, Abhijit Menon-Sen wrote:

> dgaudet-list-new-httpd@arctic.org (2001-02-17 03:30:13):
> >
> > i'm pretty sure there's also a need to unescape the scheme, but i
> > didn't try to fix that...
> > [...]
> >
> >   +  *) Escapes in hostnames such as www.%61rctic.org were not handled
> >   +     properly.  [Dean Gaudet]
> >   +
>
> Are people actually using such constructs? According to RFC 2396 (and
> 1738), neither the scheme nor the hostname is allowed to contain escaped
> characters:
>
> RFC 2396, Appendix A:
> |
> |     scheme        = alpha *( alpha | digit | "+" | "-" | "." )
> |
> |     [...]
> |
> |     host          = hostname | IPv4address
> |     hostname      = *( domainlabel "." ) toplabel [ "." ]
> |     domainlabel   = alphanum | alphanum *( alphanum | "-" ) alphanum
> |     toplabel      = alpha | alpha *( alphanum | "-" ) alphanum
> |     IPv4address   = 1*digit "." 1*digit "." 1*digit "." 1*digit

i asked Roy Fielding about this before i did the change -- and he
indicated that it was correct to unescape.  i'm not sure anyone is
presently doing it, but apparently for DNS I18N this type of escaping is
expected.  (as such it'd be nice for apache to do the right thing.)

i admit, rfc2396 doesn't allow hostname escaping.

-dean


Mime
View raw message