Re: URIs vs. half-baked URIs (was Filesel drag and drop)



On Thu, 2 Aug 2001, Derek Simkowiak wrote:

> -> You can't really distinguish between a half-baked URI (or just really
> -> goofy unix filename that might correspond to a literally saved URI) in
> -> the presence of filenames with % marks inside. 
> 
> 	It's even worse than that.
> 
> 	Some application servers don't use properly-formatted Query
> Strings in their URLs, i.e., you could see something like
> 
> http://server/app/getobject.nsf?type=file&name=has%20space&path=/some/path
> 
> 	Technically, the "/some/path" is supposed to be URL encoded, but
> the appserver (the .nsf file in this example) is hard-coded to accept that
> un-encoded variable directly.  An application would see this as a properly
> formatted URI with a very wacky directory name in the third level down.
> 

There are plenty of scripts out there generating URLs that have totally
unencoded spaces inside the URL. There is only so much we can do about 3rd
party http: "pointers". 

> 	Yes, I have seen this in the real world.  I've seen it in web apps
> used by very large companies, which are produced by very large companies.
> 
> 	Note that something like a %20 (space) could never appear in a
> URI, even a file:// URI.  Also note that you never know if a % is supposed
> to be just the '%' or the URI encode flag.  (I've seen stuff with hidden
> form variables that wind up looking like:
> 
> var=has%2520space
> 
> 	(where %25 is the URI encoding for '%' and %20 is space.)
> 

AFAIK URI encoding/decoding is strictly one-pass process and no unencoded
%-s are allowed inside it. OTOH, it's been a while since I looked at the spec.

	Sander

I haven't been vampired. You've been Weatherwaxed.
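
The one-pass rule discussed in this thread, as an added example that is not part of the original messages: a strict decoder that performs exactly one decoding pass, rejects any '%' not followed by two hex digits, and flags values that still contain escapes afterwards. The function names and category labels are hypothetical; the sample strings are the thread's own examples plus two constructed filenames.

```python
import re

_HEX = "0123456789abcdefABCDEF"
_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def strict_decode_once(s: str) -> str:
    """Decode percent-escapes in a single pass; raise on a stray '%'."""
    out = bytearray()
    i = 0
    while i < len(s):
        if s[i] == "%":
            pair = s[i + 1:i + 3]
            if len(pair) != 2 or any(c not in _HEX for c in pair):
                raise ValueError(f"stray '%' at offset {i}")
            out.append(int(pair, 16))
            i += 3
        else:
            out.extend(s[i].encode("utf-8"))
            i += 1
    # Decoded output is never scanned again: "%2520" yields "%20", not " ".
    return out.decode("utf-8", errors="replace")


def classify(s: str) -> str:
    """Sort an incoming string into one of four (hypothetical) categories."""
    try:
        once = strict_decode_once(s)
    except ValueError:
        return "not-encoded"      # raw filename or half-baked URI
    if once == s:
        return "no-escapes"       # nothing to decode either way
    if _ESCAPE.search(once):
        # Either double-encoded, or a name that literally contains "%20".
        # The string alone cannot settle this; do not decode a second time.
        return "double-encoded?"
    return "encoded"


if __name__ == "__main__":
    for sample in ("has%20space", "has%2520space", "100%.txt", "plain.txt"):
        print(f"{sample!r:20} -> {classify(sample)}")
```

Treating "double-encoded?" as a value to log or reject, rather than decoding again, keeps any validation done on the decoded string in step with what later code actually sees.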





