Re: [jira] [Commented] (HTTPCORE-744) HttpCore 5.2.1 does not correctly handle semi-colon (;) and equal sign (=) characters in URI set as Location header.

Wed, 26 Apr 2023 23:53:17 -0700 

Thu, 27 Apr 2023 09:21:22 +0300, /Stanimir Stamenkov/:

Thu, 27 Apr 2023 05:52:00 +0000 (UTC):


Oleg Kalnichevski commented on HTTPCORE-744:
--------------------------------------------
RFC 3986 (section 6.2.2.2) is explicit that %nn encoded characters are only equivalent to their non-encoded forms for unreserved characters.
With all due respect [~markt] but is it? To me it looks it explicitly states something quite different and the rest is just a conjecture.
HttpCore 5.2.1 does not correctly handle semi-colon (;) and equal sign (=) characters in URI set as Location header. 
--------------------------------------------------------------------------------------------------------------------

                 Key: HTTPCORE-744
                 URL: https://issues.apache.org/jira/browse/HTTPCORE-744
"2.2.  Reserved Characters" <https://www.rfc-editor.org/rfc/rfc3986#section-2.2>: 


   The purpose of reserved characters is to provide a set of delimiting
   characters that are distinguishable from other data within a URI.
   URIs that differ in the replacement of a reserved character with its
   corresponding percent-encoded octet are not equivalent.  Percent-
   encoding a reserved character, or decoding a percent-encoded octet
   that corresponds to a reserved character, will change how the URI is
   interpreted by most applications.  Thus, characters in the reserved
   set are protected from normalization and are therefore safe to be
   used by scheme-specific and producer-specific algorithms for
   delimiting data subcomponents within a URI.
One may have a look at JavaScript's encodeURI() vs. encodeURIComponent(), also: 


encodeURI() escapes all characters except:

A–Z a–z 0–9 - _ . ! ~ * ' ( )

; / ? : @ & = + $ , #
The characters on the second line are characters that may be part of the URI syntax, and are only escaped by encodeURIComponent(). 

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

--
Stanimir

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

Reply via email to