Re: URIs vs. half-baked URIs

From: Owen Taylor <otaylor redhat com>
To: Sander Vesik <Sander Vesik Sun COM>
Cc: Darin Adler <darin bentspoon com>, Daniel Veillard <veillard redhat com>, Alex Larsson <alexl redhat com>, gtk-devel-list gnome org, gnome-hackers gnome org
Subject: Re: URIs vs. half-baked URIs
Date: 03 Aug 2001 12:57:48 -0400

Sander Vesik <Sander Vesik Sun COM> writes:

> On Fri, 3 Aug 2001, Darin Adler wrote:
> 
> [snip]
> 
> > On Friday, August 3, 2001, at 06:02  AM, Sander Vesik wrote:
> > 
> > > I have been living under the impression that there was an rfc that
> > > specified how URIs/URLs were supposed to look like and that it allowed for
> > > no unescaped %-s...
> > 
> > Yes, that's correct. And you could make a function that would reject URIs 
> > that are not properly encoded. But I'm not sure how having this function 
> > would solve the problem of programs that make fake URIs and don't do 
> > encoding.
> > 
> > As Daniel points out, some non-encoded URIs just happen to look just like 
> > real URIs, only they point at a different location. For example, if I have 
> > a file named "%23" and you make a bad URI for it: "file:///home/darin/%23"
> >   it looks exactly the same as a properly encoded URI for a file named "#".
> > 
> 
> As I claimed - you can't reliably distinguish between the two. 
> 
> IMVHO the only way is to very that the string handed over is a valid
> encoded URL, reject it if it isn't and then just make use of the decoded
> string. If it points to something else than people intended - well,
> obviously something else than intended happens. I'm not sure there should
> be double-guessing heuristics cleaning it up.
> 
> You can't really help people who type 
> 	'rm -rf *. o' 
> instead of 
> 	'rm -rf *.o'

A place like the URL line in Nautilus _needs_ to accept unencoded
'URLS'. If I call a directory 'Pictures+Icons', I should _not_ be
expected to type in:

 file://home/otaylor/Pictures%2bIcons

I think when the user types in an URL, you should escape anything
isn't valid for an URL.

Regards,
                                        Owen

(Harder question: should the URL line in Nautilus _unescape_ when
displaying the text? For some things the current escaped display is
basically unreadable; however, if you want to let people
cut-and-paste from the line, then unescaping might be evil.)

Follow-Ups:
- Re: URIs vs. half-baked URIs
  - From: Darin Adler

References:
- Re: URIs vs. half-baked URIs
  - From: Sander Vesik

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]