Marc Haber wrote:
> Entering the address into the text field works fine, so we have a case
> of bad URL sanitizing.

RFC2396, Section 2.2:

   Many URI include components consisting of or delimited by, certain
   special characters. These characters are called "reserved", since
   their usage within the URI component is limited to their reserved
   purpose. If the data for a URI component would conflict with the
   reserved purpose, then the conflicting data must be escaped before
   forming the URI.

      reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" |
                    "$" | ","

Note the "+". The "reserved purpose" is to fill in for spaces because
space terminates the URI (e.g. in the HTTP request string).
Yeah, they could have just escaped the space...

Cheers

T.

-- 
Thomas Viehmann, <http://thomas.viehmann.net/>
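Added example, not part of the original message: a Python sketch of what happens to a "+" in an address when it is pasted into a query string unescaped versus percent-encoded first. The base URL, the "email" parameter name and the sample address are constructed assumptions, and the receiving side is modelled with the standard library's form-style query decoding.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample values (assumptions, not taken from the thread).
BASE = "http://lists.example.org/subscribe"
ADDRESS = "user+tag@example.org"


def naive_url(address: str) -> str:
    """Paste the address into the query string without escaping it."""
    return f"{BASE}?email={address}"


def escaped_url(address: str) -> str:
    """Percent-encode the component before forming the URI."""
    # safe="" makes quote() escape "+", "@" and the rest of the reserved set.
    return f"{BASE}?email={quote(address, safe='')}"


def received_address(url: str) -> str:
    """Decode the query the way form-handling code commonly does."""
    query = urlsplit(url).query
    # parse_qs turns an unescaped "+" into a space before percent-decoding.
    return parse_qs(query, keep_blank_values=True)["email"][0]


def round_trips(address: str, build) -> bool:
    """True if the receiver recovers exactly the address that was sent."""
    return received_address(build(address)) == address


if __name__ == "__main__":
    for build in (naive_url, escaped_url):
        url = build(ADDRESS)
        print(f"{build.__name__:12} {url}")
        print(f"{'':12} receiver sees: {received_address(url)!r}")
        print(f"{'':12} round trips:   {round_trips(ADDRESS, build)}")
```
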