Reputation: 581
How should fragment part of a URL be escaped?
If a URL has unusual characters in the fragment part (i.e. after #) how should they be (percent) escaped? I can't find a consistent answer in how browsers handle this, which is probably a good reason not to have them, but I'd like to know what the 'right' answer is.
My testing seems to suggest not to escape at all, but that this is only reliable when following links, not when pasting into a browser's address bar.
I wrote a little web page as appended. I then pasted the following link into various browsers. The 'go' link in the page is there to see what happens when you click a link as opposed to pasting it (which seems to differ in some browsers)
http://www.frankieandshadow.com/test.html/?new=1#{# &}%7B%23%20%26%7D
(I notice stackoverlow's pattern match for URLs doesn't like that - I intend the whole line; again there may be a clue for me there!)
Chrome appears to do no unescaping of any kind, and produces consistently:
#{# &}%7B%23%20%26%7D
Firefox substitutes some, but not all, of the escaped characters pasted with their non escaped equivalents, and then produces
#{# &}{# &}
and this is the same if you follow the link
Safari (on PC) does the opposite: it encodes non-encoded unusual characters on paste, and then produces
#%7B%23%20&%7D%7B%23%20%26%7D
but following the link is different, producing
#{# &}%7B%23%20%26%7D
IE9, amazingly, behaves just like Chrome
IE7 replaces the real space with %20 on paste but otherwise leaves the URL alone, and produces
#{#%20&}%7B%23%20%26%7D
and if you click the link, it gives
#{# &}%7B%23%20%26%7D
<html>
<head>
<title>test</title>
<script type="text/javascript">
function wibble() {
document.getElementById("wobble").innerHTML =
location.hash.replace(/&/g,"&").replace(/</g,"<").replace(/>/g,">");
}
</script>
</head>
<body onload='wibble()'>
<div id='wobble'></div>
<a href='/test.html?new=1#{# &}%7B%23%20%26%7D'>go</a>
</body>
</html>
Upvotes: 10
Views: 2509
Answers (1)
Reputation: 8689
The ABNF in RFC3986 says that fragments are made up of pchars - i.e. they are percent encoded.
Which is to say that characters in fragment identifiers may be any alphanumeric or one of
-._~!$&'()*+,;=:@
All other characters should be percent encoded.
Upvotes: 7
Related Questions
- Parsing URL hash/fragment identifier with JavaScript
- Using multiple fragment identifiers in a URL
- Looking for regular expression that matches the first part of a URL fragment
- How do I use url fragments when other things get appended to them?
- Putting a fragment identifier inside of a query parameter
- Regex for fragment url, but not whole
- URL fragment identifier - simplify state handling (javascript)
- Url hash fragment format
- JavaScript unable to get fragment when splitting URL
- URL fragments and the BASE tag