
What do the chars %7D mean in a URL query?

If I access my webapp with the URL

/vi/5907399890173952.html

then it works, but when I look in the log files, Googlebot is trying to access a similar URL which generates an exception:

/vi/5907399890173952.html%7D%7D

What does it mean and how can it be handled as an exception? The message from Python is:

 /vi/5251302833520640.html%7D%7D 404 20ms 0kb Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) module=default version=release140319 66.249.67.109 - - [19/Mar/2014:07:53:32 -0700] "GET /vi/5251302833520640.html%7D%7D HTTP/1.1" 404 84 - "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ms=21 cpu_ms=0 cpm_usd=0.000009 app_engine_release=1.9.1 instance=00c61b117c0bc0f980f2a37a6ac534786055d3ab E 2014-03-19 15:53:32.678 get() takes exactly 3 arguments (2 given) 

The regex that I use for the URL is

('/vi/(\d+)(\.html?)?', NewHandler)

Update 140319 21:54 CET

I think I've found the leakage from a Jinja2 template:

{{scored_document.fields.0.value|safe}

I patched it with another } now.

Niklas Rosencrantz asked Mar 19 '14 15:03


1 Answer

%7D is the ASCII code for the } character, which is probably leaking through from a template...

Martin Berends answered Sep 19 '22 13:09
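
One way to spot this kind of leak from the access log, as an added example (not code from the question or the answer): it percent-decodes each request path, separates stray `{`/`}` characters, and reports only paths that match the question's route once the braces are removed. Only the first sample line comes from the question's log; the other lines, the function names and the full-match anchoring of the route are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Route pattern quoted in the question; full-match anchoring is an assumption.
ROUTE = re.compile(r"/vi/(\d+)(\.html?)?")
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
BRACES = re.compile(r"[{}]+")

# First line is the request from the question's log; the rest are constructed.
SAMPLE_LOG = [
    '66.249.67.109 - - [19/Mar/2014:07:53:32 -0700] "GET /vi/5251302833520640.html%7D%7D HTTP/1.1" 404 84',
    '192.0.2.10 - - [19/Mar/2014:07:54:01 -0700] "GET /vi/5251302833520640.html HTTP/1.1" 200 5120',
    '192.0.2.11 - - [19/Mar/2014:07:55:12 -0700] "GET /vi/5907399890173952.html%7D%7D HTTP/1.1" 404 84',
    '192.0.2.12 - - [19/Mar/2014:07:56:40 -0700] "GET /favicon.ico HTTP/1.1" 200 318',
]


def split_residue(raw_path):
    """Percent-decode a request path; return (clean_path, braces) or None."""
    path = unquote(raw_path.split("?", 1)[0])
    braces = "".join(BRACES.findall(path))
    if not braces:
        return None
    return BRACES.sub("", path), braces


def find_template_leaks(lines):
    """Count requests whose path is a known route plus stray template braces."""
    hits = Counter()
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        found = split_residue(m.group(1))
        # Only report when stripping the braces yields a URL the app serves:
        # that points at a broken link in our own markup, not unrelated noise.
        if found and ROUTE.fullmatch(found[0]):
            hits[found] += 1
    return hits


if __name__ == "__main__":
    for (clean, braces), n in find_template_leaks(SAMPLE_LOG).items():
        print(f"{n}x {clean!r} requested with leaked {braces!r}")
```

Each reported path is a page whose link was rendered with leftover delimiters, so the templates that emit links to it are the place to look for an unclosed `{{ ... }}`.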