Thu, 27 Apr 2023 09:21:22 +0300, /Stanimir Stamenkov/:
Thu, 27 Apr 2023 05:52:00 +0000 (UTC):
Oleg Kalnichevski commented on HTTPCORE-744:
--------------------------------------------
RFC 3986 (section 6.2.2.2) is explicit that %nn encoded characters
are only equivalent to their non-encoded forms for unreserved
characters.
With all due respect [~markt] but is it? To me it looks it explicitly
states something quite different and the rest is just a conjecture.
HttpCore 5.2.1 does not correctly handle semi-colon (;) and equal
sign (=) characters in URI set as Location header.
--------------------------------------------------------------------------------------------------------------------
Key: HTTPCORE-744
URL: https://issues.apache.org/jira/browse/HTTPCORE-744
"2.2. Reserved Characters"
<https://www.rfc-editor.org/rfc/rfc3986#section-2.2>:
The purpose of reserved characters is to provide a set of delimiting
characters that are distinguishable from other data within a URI.
URIs that differ in the replacement of a reserved character with its
corresponding percent-encoded octet are not equivalent. Percent-
encoding a reserved character, or decoding a percent-encoded octet
that corresponds to a reserved character, will change how the URI is
interpreted by most applications. Thus, characters in the reserved
set are protected from normalization and are therefore safe to be
used by scheme-specific and producer-specific algorithms for
delimiting data subcomponents within a URI.
One may have a look at JavaScript's encodeURI() vs.
encodeURIComponent(), also:
encodeURI() escapes all characters except:
A–Z a–z 0–9 - _ . ! ~ * ' ( )
; / ? : @ & = + $ , #
The characters on the second line are characters that may be part of
the URI syntax, and are only escaped by encodeURIComponent().
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
--
Stanimir
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org