Giter VIP home page Giter VIP logo

Comments (5)

vinniefalco avatar vinniefalco commented on June 26, 2024

What makes you think these need to be escaped? They are not ambiguous, as they are not part of the target. See rfc3986:

https://datatracker.ietf.org/doc/html/rfc3986#section-3.4

      query       = *( pchar / "/" / "?" )

   The characters slash ("/") and question mark ("?") may represent data
   within the query component.

The RFC even explicitly states that it is better not to escape them:

                                However, as query components
   are often used to carry identifying information in the form of
   "key=value" pairs and one frequently used value is a reference to
   another URI, it is sometimes better for usability to avoid percent-
   encoding those characters.

from url.

alandefreitas avatar alandefreitas commented on June 26, 2024

To complement the answer, the only possible component after the query is a fragment. So the only delimiter after the query is a #. That's why ? and / are allowed in the query.

from url.

msherman13 avatar msherman13 commented on June 26, 2024

@vinniefalco ok makes sense. I was going off this link:

https://en.m.wikipedia.org/wiki/Percent-encoding

additionally, the AWS S3 rest API requires it:

https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html

from url.

alandefreitas avatar alandefreitas commented on June 26, 2024

Yes. Unreserved Characters can be used in any component, although individual components can allow more than the unreserved set. For instance:

$> node
new URL('http://www.example.com/a/s/b?f=g/s')
URL {
  href: 'http://www.example.com/a/s/b?f=g/s',
  origin: 'http://www.example.com',
  protocol: 'http:',
  username: '',
  password: '',
  host: 'www.example.com',
  hostname: 'www.example.com',
  port: '',
  pathname: '/a/s/b',
  search: '?f=g/s', // <--------
  searchParams: URLSearchParams { 'f' => 'g/s' },
  hash: ''
}

Whoever wrote the AWS tutorial got that wrong if it's meant as a requirement. I'd be surprised if the server rejects a request because a "/" in the query is unencoded.

from url.

msherman13 avatar msherman13 commented on June 26, 2024

@vinniefalco its not that the AWS server rejects explicitly if slashes aren’t escaped but the issue is that the authorization signature is calculated based on what they call uri-encoded query params. So if we don’t escape the slash when calculating the signature, their signature won’t match and then they reject.

Anyway, topic for another forum. Thanks for the help

from url.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.