On Sat, Jul 21, 2001 at 05:07:23PM +0200, Martin F. Krafft wrote: > also sprach Joost Kooij (on Sat, 21 Jul 2001 03:53:58PM +0200): > > You read the wrong rfc, the above characters are all allowed in http. > > Try it again, using spaces, '%', '#' and some control characters. > > Those will be escaped. > > The restricted set of characters consists of dig? > its, letters, and a few graphic symbols chosen from those > common to most of the character encodings and input facil? > ities available to Internet users: > > "A" .. "Z", "a" .. "z", "0" .. "9", > ";", "/", "?", ":", "@", "&", "=", "+", "$", ",", # reserved > "-", "_", ".", "!", "~", "*", "'", "(", ")" > > [...] > > Some of the "uric" characters are reserved for use as > delimiters or as part of certain URI components. These > must be escaped if they are to be treated as ordinary > data. Read RFC 2396 for further details. > > you can see that both '$' and '/' are restricted (reserved > characters), and these are escaped by browsers and other HTTP clients > during form submissions - which is essentially what i want to fake > from the command line.
They are not restricted, they are "reserved", which the rfc explains as: you can use them, unless the particular uri of which they are a part gives them special meaning, in which case they must be escaped. Read section 2.2 of the rfc. http://www.rfc-editor.org/rfc/rfc2396.txt Of course, if you want to fake the behaviour of webbrowsers, avoid all standards like the plague. Certain browsers will escape all characters when sending a request to the server. Why do you think that .asp sites regularly have spaces in uris, without the "designer" being aware of that? Cheers, Joost