Dear Wolfgang,
according to RFC 3986, the at-sign should not be encoded, neither in the
path segments, nor in the query components.
For querycomponents the right parameter for ns_urlencode is
ns_urlencode -part query a@b
The full query parameter pair should be encoded with
set pair [ns_urlencode -part query $key]=[ns_urlencode -part query $value]
RFC 3986 mentions explicitly the at-sign here:
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
query = *( pchar / "/" / "?" )
The JavaScript definition is rather vague about the meaning of a URI
component; the closest thing in the RFC are path segments and query
components. Since these two kind of components are defined differently
in RFC 3986, it is clear that encodeURIComponent() does not follow the
definition in RFC 3986. JavaScript has actually its own definition of
"Universal Resource Identifier Character Classes" (see Annex 7 in [1]),
which encodes more than necessary (probably JavaScript does not want to
release a new version whenever the RFC is updated). The document states
as well that the syntax of Uniform Resource Identifiers is based upon
RFC 2396 (sect 18.2.6.1.2)
/This syntax of Uniform Resource Identifiers is based upon RFC 2396
and does not reflect the more recent RFC 3986 which replaces RFC
2396. A formal description and implementation of UTF-8 is given in
RFC 3629./
On an other place (section B.2.1.1, definition of escape), it states:
/The encoding is partly based on the encoding described in RFC 1738,
but the entire encoding specified in this standard is described
above without regard to the contents of RFC 1738. This encoding does
not reflect changes to RFC 1738 made by RFC 3986./
An encoding-set agnostic percent decoder decodes everything, so this
works in practice. No recent web software should have problems with
standard-compliant URIs, as produced by NaviServer.
Why are you asking?
all the best
-gn
[1]
https://262.ecma-international.org/9.0/#sec-universal-resource-identifier-character-classes
On 25.08.21 08:21, Wolfgang Winkler via naviserver-devel wrote:
Dear List!
When using ns_urlencode, I've noticed, that the "@" sign will not be
percent encoded, unless "-part oauth1" is stated:
ns_urlencode t...@test.com
t...@test.com
ns_urlencode -part oauth1 t...@test.com
test%40test.com
What is the correct way to encode URL params, e.g. in
http://test.com/register/login?email=t...@test.com
In Javascript (Chrome + Firefox)
encodeURIComponent("t...@test.com");
yields
"test%40test.com"
This is should be the RFC for this topic:
https://datatracker.ietf.org/doc/html/rfc3986#section-2.3
Yours,
Wolfgang
--
*Wolfgang Winkler*
Geschäftsführung
wolfgang.wink...@digital-concepts.com
mobil +43.699.19971172
dc:*büro*
digital concepts Novak Winkler OG
Software & Design
Landstraße 68, 5. Stock, 4020 Linz
www.digital-concepts.com <http://www.digital-concepts.com>
tel +43.732.997117.72
tel +43.699.1997117.2
Firmenbuchnummer: 192003h
Firmenbuchgericht: Landesgericht Linz
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
--
Univ.Prof. Dr. Gustaf Neumann
Head of the Institute of Information Systems and New Media
of Vienna University of Economics and Business
Program Director of MSc "Information Systems"
_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel
