Lucas Thompson wrote:

> If you try to view a URL like "http://foo/bar\image.gif" in IE 6, the
> browser will (incorrectly) send out a request-URI like
> "/bar/image.gif" where Firefox 2 will (correctly) send out a
> request-URI like "/bar%5Cimage.gif".

I've tried to find out what the "RFC correct" way is. Fact seems to be that
a URL like "http://foo/bar\image.gif" is not a valid URL, and I have not
found any RFC that states what to do with an invalid URL of this form to
make it a valid URL. Simply refusing it would definitely be correct, but
neither of the common browsers does that.

To me, it seems that translating a backslash in an invalid URL into %5C is
just as valid (and just as "guessing") as translating it into a forward
slash. None of the two behaviors is specified or prohibited by an RFC,
AFAIK -- the RFC just says the URL with the backslash is invalid. As long
as nobody can cite the RFC where it is defined what to do with such an URL,
neither behavior is more "correct" (in terms of standard compliance) than
the other.

While there's an RFC that says that %5C is what you should use if you want
to use an encoded backslash in an URL, there's nothing that says that you
really want a backslash in an invalid URL like "http://foo/bar\image.gif".
If you really wanted a backslash, the assumption is that you'd use
"http://foo/bar%5Cimage.gif" instead (which is valid). Guessing that
"http://foo/bar%5Cimage.gif" is what is really meant is not anymore
standard-conform (and very likely less often correct) than guessing that
"http://foo/bar/image.gif" is what is really meant -- refusing the URL
altogether would be the most uncontestable standard-conform behavior.

Now, if you feed IE a valid URL like "http://foo/bar%5Cimage.gif", it will
indeed send out a request that looks like "GET /bar%5Cimage.gif HTTP/1.1",
which to me looks like standard-conform behavior. (Which also should give
all those a rest who claimed that not being able to send an encoded
backslash in the path part of the URL back to the server through IE is the
end of the internet as we know it. I don't know why anyone would want to do
it, but here you go... if you want to, you can do it. With IE. What I'd
like to know is why it was claimed that this is not possible.)

The conclusion is that both Firefox and IE (and all other browsers) have to
guess what to do with this invalid URL that contains a backslash. One
guesses this way, the other guesses the other way. None sends out the
illegal URL with the backslash -- which is a good thing, because we all
want standard-conform behavior, it seems :)

So in all this discussion, I still have to see someone point to the RFC
that states that what IE does in this case is not standard-conform. With so
many claims that it is, this should be easy...


> imho doing whatever friendly thing you can to silently correct common
> mistakes in cases like this is a good thing as long as it doesn't
> interfere with too many other uses. It's how most people want products
> to behave.

Agreed... that's probably why this is the policy adopted by all common
browsers (including Firefox).

Gerhard

-- 
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist