Hi,
On Tuesday, June 20, 2017 at 12:18:21 PM UTC+2, Ole Laursen wrote:
>
> Yet, : is specifically mentioned as a reserved character:
>
It depends on the context. The assumption here is that the encoded data is
always used as part of the path/querystring, for which rfc1738 says:
Within the <path> and <searchpart> components, "/", ";", "?" are reserved. The
"/" character may be used within HTTP to designate a hierarchical structure.
In that sense, ":" is not a reserved character.
It is used for the scheme "https:". encodeURIComponent(":") returns "%3A".
>
The usefulness of that function seems questionable to me.
> If I do a test with a link like <a href="/:baz/?foo:=:bar"> in Firefox,
> the browser doesn't quote any of the colons, though.
This is correct behaviour since ":" is not reserved after all.
> OTOH, if you put in "foo:bar/" as a relative link, foo: is interpreted as
> a scheme. So it's not unconditionally safe.
>
That is true, but then again relative links are hardly useful for cases
where d.c.signing is used (usually in an email or when providing a full
link to a resource). Even if not, I'd strongly suggest to start with an
absolute path at least.
I don't know if it is worth it to switch to another default separator (say
> *). There would need to be a fallback to : for some years at least.
>
Given the "impact" it is imo not worth to change.
Cheers,
Florian
--
You received this message because you are subscribed to the Google Groups
"Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/b3e4c226-55b6-4fe1-bba2-1f93c3cbad65%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
