Re: [xml] Universally replacing space with %20 before calling xmlParseURI - bad?

On Tue, Dec 12, 2017 at 07:38:38AM -0500, doodad-js Admin wrote:
The space character is an unsafe character and must be encoded with "%20"
[1]. So, URLs containing a space character are invalid URLs.


But the reasoning is:

  "The space character is unsafe because significant spaces may
  disappear and insignificant spaces may be introduced when URLs are
  transcribed or typeset or subjected to the treatment of
  word-processing programs."

which is irrelevant to this application.

My question is: if I don't care about making "valid" URLs according to
any RFC, is it unsafe or insecure for some other reason?

(BTW the same RFC also says:

  "In some cases, extra whitespace (spaces, linebreaks, tabs, etc.)
   may need to be added to break long URLs across lines.  The
   whitespace should be ignored when extracting the URL."

which xmlParseURI does not do.)


Richard Jones, Virtualization Group, Red Hat
Read my programming and virtualization blog:
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]