Reputation: 382822
Do I need to escape forward slashes in a URL query string?
For example, is this valid and expresses key = "ab/cd":
http://example.com?key=ab/cd
or do I have to percent % encode the / as in:
http://example.com?key=ab%2Fcd
Upvotes: 4
Views: 2746
Answers (1)
Reputation: 382822
I don't think encoding is needed according to the URL RFC https://datatracker.ietf.org/doc/html/rfc3986#section-3.4 which says:
query = *( pchar / "/" / "?" )characters slash ("/") and question mark ("?") may represent data within the query component. Beware that some older, erroneous implementations may not handle such data correctly when it is used as the base URI for relative references (Section 5.1), apparently because they fail to distinguish query data from path data when looking for hierarchical separators. However, as query components are often used to carry identifying information in the form of "key=value" pairs and one frequently used value is a reference to another URI, it is sometimes better for usability to avoid percent- encoding those characters.
pchar is defined earlier as:
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
and / is not in unreserved, but the above quote shows that it is explicitly allowed in the query string.
Upvotes: 3
Related Questions
- OK to skip slash before query string?
- What characters must be escaped in an HTTP query string?
- slashes in url variables
- is a query string with a / in it valid?
- Slashes in a query string parameter?
- Trailing slash before a query string. Bad practice?
- Is it correct to have the query parameters directly after a slash in a URL?
- Are slashes allowed in URL fragment or query?
- Should we encode slashes in search part of URLs?
- Is encoding of the query string needed?