uriparser / uriparser

:hocho: Strictly RFC 3986 compliant URI parsing and handling library written in C89; moved from SourceForge to GitHub

Home Page:https://uriparser.github.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Use of backslash in userinfo

midicase opened this issue · comments

I have someone insisting to use a baskslash() in userinfo, like http://foo\bar:pass@host. uriParser fails to parse, as I would expect. After rechecking, I'm having a hard time understanding RFC3986's intent of handling backslash.

As far I can tell the character is completely forbidden and there no way to escape?

Edit:
Actually the backslash is in the query string, but still should apply also.

Hi @midicase,

uriparser is stricly RFC3986 compliant. The "escaping mechanism" of URI is percent encoding —— where allowed — e.g. %41 will end up as A — uppercase "A" — after unescaping. Without a proper check, I'd expect %5c to be a backslash:

In [4]: hex(ord('\\'))
Out[4]: '0x5c'

Does that fully answer your question?

Are you suggesting to escape the URI before parsing? Not sure that works. The problem is a user wants to use
scheme://foo\bob:pass@host

The userinfo section apparently comes from windows authentication system (DOMAIN\user). But I am pretty there is not any way to deal with it except to parse out the userinfo manually before handing off to uriparser.

I would suggest to use scheme://foo%5cbob:pass@host for a URI, parse it, split user info at ":", unescape both parts.

Thanks, that is a good idea.