diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2021-06-28 18:01:11 +0300 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2021-06-28 18:01:11 +0300 |
| commit | fee09fc49d510de0078f9bc7fc18dc179cceb62b (patch) | |
| tree | ef50b5f6c6693223082254529d7cad7592c76319 /src/http/ngx_http_request.c | |
| parent | 31d1c34b394ee30b30084ff160133708d0d3b030 (diff) | |
| download | nginx-fee09fc49d510de0078f9bc7fc18dc179cceb62b.tar.gz nginx-fee09fc49d510de0078f9bc7fc18dc179cceb62b.zip | |
Core: escaping of chars not allowed in URIs per RFC 3986.
Per RFC 3986 only the following characters are allowed in URIs unescaped:
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
And "%" can appear as a part of escaping itself. The following
characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
" ", """, "<", ">", "\", "^", "`", "{", "|", "}".
Not escaping ">" is known to cause problems at least with MS Exchange (see
http://nginx.org/pipermail/nginx-ru/2010-January/031261.html) and in
Tomcat (ticket #2191).
The patch adds escaping of the following chars in all URI parts: """, "<",
">", "\", "^", "`", "{", "|", "}". Note that comments are mostly preserved
to outline important characters being escaped.
Diffstat (limited to 'src/http/ngx_http_request.c')
0 files changed, 0 insertions, 0 deletions