How to encode ".." for use in a URL path?

I'm trying to construct a URL with something like:

var myUrl = '/path/to/api/' + encodeURIComponent(str);

But if str is .. then your browser automatically lops off a path segment so that the URL becomes /path/to which is not what I want.

I've tried encoding .. as %2E%2E but your browser still re-interprets it before the request is sent. Is there anything I can do to have path actually come through to my server as /path/to/api/..?

mpen asked Dec 19 '22 18:12


1 Answer

I believe this is not supported because the behaviour would violate RFC 3986.

From Section 2.3. Unreserved Characters (emphasis mine):

Characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include uppercase and lowercase letters, decimal digits, hyphen, period, underscore, and tilde.

 unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"

URIs that differ in the replacement of an unreserved character with its corresponding percent-encoded US-ASCII octet are equivalent: they identify the same resource. However, URI comparison implementations do not always perform normalization prior to comparison (see Section 6). For consistency, percent-encoded octets in the ranges of ALPHA (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E), underscore (%5F), or tilde (%7E) should not be created by URI producers and, when found in a URI, should be decoded to their corresponding unreserved characters by URI normalizers.

From Section 6.2.2.3. Path Segment Normalization (emphasis mine):

The complete path segments "." and ".." are intended only for use within relative references (Section 4.1) and are removed as part of the reference resolution process (Section 5.2). However, some deployed implementations incorrectly assume that reference resolution is not necessary when the reference is already a URI and thus fail to remove dot-segments when they occur in non-relative paths. URI normalizers should remove dot-segments by applying the remove_dot_segments algorithm to the path, as described in Section 5.2.4.

Jeremy answered Jan 02 '23 10:01
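The two normalization steps quoted in the answer, carried through in JavaScript as an added example (not code from the question or the answer). It also shows the server-side consequence: a prefix check is only meaningful on the normalized path. The function names and the `example.test` host are assumptions.

```javascript
// RFC 3986 section 2.3: decode percent-encoded unreserved characters,
// leave every other escape in place (hex digits upper-cased).
function decodeUnreserved(path) {
  return path.replace(/%([0-9A-Fa-f]{2})/g, (m, hex) => {
    const ch = String.fromCharCode(parseInt(hex, 16));
    return /[A-Za-z0-9._~-]/.test(ch) ? ch : m.toUpperCase();
  });
}

// RFC 3986 section 5.2.4: remove_dot_segments.
function removeDotSegments(path) {
  let input = path;
  const output = [];
  while (input.length > 0) {
    if (input.startsWith('../')) input = input.slice(3);
    else if (input.startsWith('./')) input = input.slice(2);
    else if (input.startsWith('/./')) input = input.slice(2);
    else if (input === '/.') input = '/';
    else if (input.startsWith('/../')) { input = input.slice(3); output.pop(); }
    else if (input === '/..') { input = '/'; output.pop(); }
    else if (input === '.' || input === '..') input = '';
    else {
      // Move the first segment (with its leading "/", if any) to the output.
      const next = input.indexOf('/', 1);
      const seg = next === -1 ? input : input.slice(0, next);
      output.push(seg);
      input = input.slice(seg.length);
    }
  }
  return output.join('');
}

function normalizePath(path) {
  return removeDotSegments(decodeUnreserved(path));
}

// What the platform URL parser (browsers, Node) does with the same path.
function platformPath(path) {
  return new URL(path, 'http://example.test').pathname;
}

// Server-side check: is the normalized request path still under the prefix?
function staysUnder(prefix, rawPath) {
  return normalizePath(rawPath).startsWith(prefix);
}

// Constructed sample paths.
for (const p of ['/path/to/api/..', '/path/to/api/%2E%2E', '/path/to/api/a%2Eb']) {
  console.log(p, '->', normalizePath(p), '| URL parser:', platformPath(p));
}
```

A client that is not a browser can still send `%2E%2E` unmodified, so the server should run the same normalization before routing or authorization decisions.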