Must '@' and '%40' be treated equivalently in URL paths?

ぃ、小莉子 提交于 2019-12-02 01:52:44

The URIs http://twitter.com/@user and http://twitter.com/%40user are not equivalent.


The URI standard is STD 66, which currently maps to RFC 3986 (which updates RFC 1738).

The section 6.2.2.2. Percent-Encoding Normalization defines how to normalize percent-encoded URIs to compare them for equivalence (after uppercasing hexadecimal digits A-F, as defined by 6.2.2.1 Case Normalization).

It says:

[…] some URI producers percent-encode octets that do not require percent-encoding, resulting in URIs that are equivalent to their non-encoded counterparts. These URIs should be normalized by decoding any percent-encoded octet that corresponds to an unreserved character, as described in Section 2.3.

The linked section 2.3 lists the unreserved characters, which are:

  • ALPHA (a-z, A-Z)
  • DIGIT (0-9)
  • - . _ ~

This sections also states that, even in case no normalization happens:

URIs that differ in the replacement of an unreserved character with its corresponding percent-encoded US-ASCII octet are equivalent: they identify the same resource.

The @ is not part of the "unreserved" set. It’s part of the "reserved" set, where it says:

URIs that differ in the replacement of a reserved character with its corresponding percent-encoded octet are not equivalent.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!