Can I use an at symbol (@) inside URLs?

Question

Is it safe to use an @ symbol as part of a user? For example, a possible URL would be http://example.com/@dave.

The idea is that, nowadays, users are commonly called "@user", so why not make the user page "@username"?

Answer 1

In the RFC the following characters:

! * ' ( ) ; : @ & = + $ , / ? % # [ ]

are reserved and:

The purpose of reserved characters is to provide a set of delimiting characters that are distinguishable from other data within a URI.

So it is not recommended to use these characters without encoding.

Answer 2

I found this question when I tried to search site:typescriptlang.org @ts-ignore at Chrome, and then got the result of This page isn't working, ts-ignore is currently unable to handle this request and I saw the URL became "http://site:typescriptlang.org%20@ts-ignore/". I felt so refused, then searched @ symbol's function at an URL and then I found my answer on Wikipedia.

The full format of the URL is scheme://userInfo@host:port/path?query#fragment. so when we search site:typescriptlang.org @ts-ignore, the browser will think you want to visit "http://site:typescriptlang.org%20@ts-ignore/". In this URL, http is a scheme, site:typescriptlang.org%20 is a userInfo ("%20" is escaped by a space character), "ts-ignore/" is a host. Of course, we can't visit the host named "ts-ignore" without a domain.

So, @ symbol can be a separator between userInfo and host.

Answer 3

Percent-encoded …

You can use the @ character in HTTP URI paths if you percent-encode it as %40.

Many browsers would display it still as @, but e.g. when you copy-and-paste the URI into a text document, it will be %40.

… but also directly

Instead of percent-encoding it, you may use @ directly in the HTTP URI path.

See the syntax for the path of an URI. Various unrelated clauses aside, the path may consist of characters in the segment, segment-nz, or segment-nz-nc set. segment and segment-nz consist of characters from the pchar set, which is defined as:

pchar = unreserved / pct-encoded / sub-delims / ":" / "@"

As you can see, the @ is listed explicitly.

The segment-nz-nc set also lists the @ character explicitly:

segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )

So, a HTTP URI like this is totally valid:

http://example.com/@dave

Example

Here is an example Wikipedia page:

• link
• copy-and-paste: http://en.wikipedia.org/wiki/%22@%22_%28album%29

As you can see, the ", (, and ) characters are percent-encoded, but the @ and the _ is used directly.

Answer 4

Can you use the @-symbol in a URL? - Yes, you can!

Note that that @-character, hexadecimal value 40, decimal value 64, is a reserved characters for URI's. It's usage is for things like email-addresses in mailto:URI's, for example mailto:username@somewhere.foo and for passing username and password information on a URI (which is a bad idea, but possible): http://username:password@somewhere.foo

If you want a URL that has an @-symbol in a path you need to encode it, with so called "URL-encoding". For example like this: http://somewhere.foo/profile/username%40somewhere.foo

All modern browsers will display this as http://somewhere.foo/profile/username@somewhere.foo, and will convert any typed in @-sign to %40, so it's easy to use.

Many web-frameworks will also help you either automatically, or with helper-functions, to convert to and from URL-encoded URL's.

So, in summary: Yes, you can use the @-symbol in a URL, but you have to make sure it's encoded, as you can't use the @-character.

Answer 5

Basicaly no.

@ is a reserved character and should only be used for its intended purpose.

See: http://perishablepress.com/stop-using-unsafe-characters-in-urls/ and http://www.ietf.org/rfc/rfc3986.txt

It can be used encoded, but I don't think that is what you were asking.

Apparently modern browsers will handle this. However you asked if this was safe and according to the spec of the RFC you should not be using it (unencoded) unless it is for its intended purpose.