Re: url-escaping a string in a shell script.
On Sat, Jul 21, 2001 at 05:07:23PM +0200, Martin F. Krafft wrote:
> also sprach Joost Kooij (on Sat, 21 Jul 2001 03:53:58PM +0200):
> > You read the wrong rfc, the above characters are all allowed in http.
> > Try it again, using spaces, '%', '#' and some control characters.
> > Those will be escaped.
>
> The restricted set of characters consists of dig?
> its, letters, and a few graphic symbols chosen from those
> common to most of the character encodings and input facil?
> ities available to Internet users:
>
> "A" .. "Z", "a" .. "z", "0" .. "9",
> ";", "/", "?", ":", "@", "&", "=", "+", "$", ",", # reserved
> "-", "_", ".", "!", "~", "*", "'", "(", ")"
>
> [...]
>
> Some of the "uric" characters are reserved for use as
> delimiters or as part of certain URI components. These
> must be escaped if they are to be treated as ordinary
> data. Read RFC 2396 for further details.
>
> you can see that both '$' and '/' are restricted (reserved
> characters), and these are escaped by browsers and other HTTP clients
> during form submissions - which is essentially what i want to fake
> from the command line.
They are not restricted, they are "reserved", which the rfc explains as:
you can use them, unless the particular uri of which they are a part
gives them special meaning, in which case they must be escaped. Read
section 2.2 of the rfc.
http://www.rfc-editor.org/rfc/rfc2396.txt
Of course, if you want to fake the behaviour of webbrowsers, avoid all
standards like the plague. Certain browsers will escape all characters
when sending a request to the server. Why do you think that .asp sites
regularly have spaces in uris, without the "designer" being aware of that?
Cheers,
Joost
Reply to: