On Tue, Oct 17, 2000 at 10:34:42AM -0700, Randal L. Schwartz wrote:
> As for things that are illegal in a URI that must be escaped, I think
> the list that URI::Escape uses is correct. Obviously, & is legal in a
> URI. But ? is not, because that starts the query string.
Well, the query string is part of the URI, so this is not quite
accurate.
> Think of
> URI::Escape as the way to transform a filename on a Unix system (which
> can be arbitrarily weird) into a URL that can be used to fetch that
> resource.
Ok. If the behavior won't change, may I suggest it be documented
this way? With the warning that it should not be used for other
purposes without due caution (and a pointer to alternatives).
> So, anybody you see writing the code you originally quoted should
> merely be shot.
I see this code all the time. I debug this code all the time.
Moreover, I don't think it's unreasonably at all. Constructing
query strings isn't rocket science, and most CGI programmers have in
their head, "escape the names and values, then separate them with =s
and &s". Which is perfectly fine, except that the obvious candidate
for "escape" doesn't (by default) support this use. That is
surprising.
> I don't think it helps to support WRONG practices,
> especially if it might break CORRECT practices.
Extra escaping will not break this practice (filename -> URI).
Andrew
