see whatever…

jump to menu

July 9, 2007

What is allowed in a URL parameter name?

Filed under: Javascript,Web — see @ 9:50 pm

I am wondering what actually is allowed in a URL parameter name? Skimming RFC 3368 does not really gave me a proper answer (probably I am not reading properly enough though). But as far as I understand it any character should be allowed if escaped (if necessary). So an URL like http://www.example.com?@ref=5 should work, and also parameter names like “öäü€” should work if escaped, which would look like http://www.example.com?%C3%B6%C3%A4%C3%BC%E2%82%AC=5

I tried that in a simple Tomcat servlet and also a simple PHP page, both give the correct anwer, if asking I got the respective parameter value by its name.

Question is if that is like it should be or if both are simply very forgiving?

A real edge case would be a parameter name like “[a='1']” which would look URL encoded like: http://www.example.com?%5Ba%3D1%5D=5

Should that actually work? At least a browser does not seem to escape this properly, if putting this into a HTML form like <input name=”[a='1']“>. But using Javascripts encodeURIComponent() function does result in the above escaped version, which should work when sending the form via Ajax (still need to try that out) (and in this case Ajax would be ok as its not an open web page).

Does anyone know if the above assumption are correct and a complete and proper escaping of parameter names should work?

BTW, this is not just a quest for knowledge ;) but I tried to use former XPath expressions as parameter names to use them later on the resulting values. Maybe a bit strange but so I may have parameter names like x[@y='5']…

2 Comments »

  1. I can’t add your post to Digg. How I do this?

    Comment by MOBY — August 10, 2007 @ 11:48 pm

  2. In danger seeming to be ignorant but I never bothered to put Digg, Delicious etc links on this site. Please look on Digg itself. I somehow recall there is also a firefox plugin or even a simple bookmarklet to do this.

    (BTW, is this actually a spam comment or real, regarding your name???)

    Comment by see — September 10, 2007 @ 10:27 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment

Powered by WordPress