URL encoding

brettz9

• April 10, 2019 00:34

While I get that:

1. URLs must be escaped within HTML

2. The initial scheme/host portions of a URL (up to but not including the path) may need to be visually escaped to avoid deceptive links which look like another domain is being referenced.

3. The browser has a standard by which upon transmission, the path must be escaped as well

... it is very cumbersome for links with international characters in the paths or hash to be visually escaped, e.g., if one is pointing to say a Russian or Chinese wiki article. These sequences can also get quite long as well as being unreadable to most.

I would suggest that URLs avoid URL-encoding (as opposed to HTML-encoding which of course remains necessary to avoid XSS) the path + hash portion of URLs.

12

• 

  ||Jojo||

  • April 10, 2019 18:22

  This would lead into other problems like ͇ ͇\̿ ̿ ̿ ̿|̿ ̿ |͇ ͇ ͇ ͇ ͇||̶̿ ̶̿ ̶̿ ̶̿'||͇̿ ͇̿ ͇̿ ͇̿) ̿ ̿|̿ ̿ |̶͇̿ ̶͇̿ ͇̿ ╳ ̿ ̿|̿ ̿ |͇ ͇ ͇ ͇ ͇||̿ ̶̿'╮|͇ ͇ ͇ ͇\̿ ̿

  0
• 

  brettz9

  • April 11, 2019 13:39

  I don't understand your concern, ||Jojo|| . So what if combination characters or control characters show up in URLs? It won't do harm in HTML, and it can still be copy-pasted.

  0

Please sign in to leave a comment.