Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?

From: "Richard W.M. Jones" <rjones redhat com>
To: doodad-js Admin <doodadjs gmail com>
Cc: veillard redhat com, xml gnome org
Subject: Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?
Date: Tue, 12 Dec 2017 12:49:00 +0000

On Tue, Dec 12, 2017 at 07:38:38AM -0500, doodad-js Admin wrote:

The space character is an unsafe character and must be encoded with "%20"
[1]. So, URLs containing a space character are invalid URLs.

[1] http://www.ietf.org/rfc/rfc1738.txt


But the reasoning is:

  "The space character is unsafe because significant spaces may
  disappear and insignificant spaces may be introduced when URLs are
  transcribed or typeset or subjected to the treatment of
  word-processing programs."

which is irrelevant to this application.

My question is: if I don't care about making "valid" URLs according to
any RFC, is it unsafe or insecure for some other reason?

(BTW the same RFC also says:

  "In some cases, extra whitespace (spaces, linebreaks, tabs, etc.)
   may need to be added to break long URLs across lines.  The
   whitespace should be ignored when extracting the URL."

which xmlParseURI does not do.)

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/

Follow-Ups:
- Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?
  - From: doodad-js Admin

References:
- Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?
  - From: doodad-js Admin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]