Re: URIs vs. half-baked URIs

From: Sander Vesik <Sander Vesik Sun COM>
To: Darin Adler <darin bentspoon com>
Cc: Daniel Veillard <veillard redhat com>, Alex Larsson <alexl redhat com>, gtk-devel-list gnome org, gnome-hackers gnome org
Subject: Re: URIs vs. half-baked URIs
Date: Fri, 3 Aug 2001 17:18:05 +0100 (BST)

On Fri, 3 Aug 2001, Darin Adler wrote:

[snip]

> On Friday, August 3, 2001, at 06:02  AM, Sander Vesik wrote:
> 
> > I have been living under the impression that there was an rfc that
> > specified how URIs/URLs were supposed to look like and that it allowed for
> > no unescaped %-s...
> 
> Yes, that's correct. And you could make a function that would reject URIs 
> that are not properly encoded. But I'm not sure how having this function 
> would solve the problem of programs that make fake URIs and don't do 
> encoding.
> 
> As Daniel points out, some non-encoded URIs just happen to look just like 
> real URIs, only they point at a different location. For example, if I have 
> a file named "%23" and you make a bad URI for it: "file:///home/darin/%23"
>   it looks exactly the same as a properly encoded URI for a file named "#".
> 

As I claimed - you can't reliably distinguish between the two. 

IMVHO the only way is to very that the string handed over is a valid
encoded URL, reject it if it isn't and then just make use of the decoded
string. If it points to something else than people intended - well,
obviously something else than intended happens. I'm not sure there should
be double-guessing heuristics cleaning it up.

You can't really help people who type 
	'rm -rf *. o' 
instead of 
	'rm -rf *.o'

>      -- Darin
> 

	Sander

I haven't been vampired. You've been Weatherwaxed.

Follow-Ups:
- Re: URIs vs. half-baked URIs
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]