[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[Libevent-users] evhttp_encode_uri() fails to escape certain characters



Hello,

While using 'evhttp_encode_uri()' to encode GET & POST fields (I hope this is the right function to use) I noticed that a lot of characters are not being escaped in the way I would expect them to be escaped.

For example: I would have expected it to encode '+' to '%2B' because it will otherwise be treated as a space by the receiving webserver, but it didn't.

I can't directly find a good source mentioning all characters that need escaping but when looking at the following wikipedia link you can get an impression of some of the characters that should be escaped: http://en.wikipedia.org/wiki/Percent-encoding.

When I take their first example ( ! * ' ( ) ; : @ & = + $ , / ? # [ ] ) and feed it to evhttp_encode_uri() then only 6 out of the 18 characters are being escaped:

- Escaped: ; & ? # [ ]
- Not escaped: ! * ' ( ) : @ = + $ , /

Looking at their second example ( < > ~ . " { } | \ - ` _ ^ % <space> ) libevent seems to do quite a bit better: 11 out of the 15 characters are being escaped, and those are rather harmless:

- Escaped: < > " { } | \ ` ^ % <space>
- Not escaped: ~ . - _

For reference I have also tested this with PHP's 'urlencode()' which fully escaped all characters from the first example but skipped the following (also rather harmless) characters in the second example: . - _

The second example should be fine, but the first one clearly lists quite a few of characters that are not being escaped and that should be escaped.

Could you take a look at this? I hope this is enough information for now, but if you want me to do more testing/need more information then just let me know.

Before I forget: I tested this with both 2.0.2-alpha and 2.0.7-rc

Sincerely yours,
Bas Verhoeven

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.