Date:  27 Nov 2014 18:52:09 Hong Kong Time

[PEAR-BUG] Bug #20425 [Opn]: Incomplete percent-encoding of userinfo, path and query

NNTP-Posting-Host:  null

Edit report at

 ID:               20425
 Updated by:
 Reported By:      jan dot prachar at gmail dot com
 Summary:          Incomplete percent-encoding of userinfo, path and
 Status:           Open
 Type:             Bug
 Package:          Net_URL2
 Package Version:  2.0.9
 PHP Version:      Irrelevant
 Roadmap Versions: 
 New Comment:

Hi Jan,

some help would be great. A compilation which browser auto-converts
which characters in a 
structured manner would be great (for which part) so it is easier to
review (and implement) an 
accepted / safe way to deal with "readable" URLs as input.

Additionally any kind of feedback is always welcome!

Previous Comments:

[2014-11-24 10:18:32] pracj3am

Do you need any help?


[2014-10-10 00:23:36] tkli

at least the documentation problem will be resolved in the next 2.0.10
release (just around the 


[2014-10-09 14:24:28] tkli

colons in path perhaps shouldn't be translated for interoperability


[2014-10-09 14:14:32] tkli

That's good info.

I think we should do a matrix specifying which part (userinfo, host,
path, query, fragment) should 
deal with which characters.

E.g. the Firefox issue you refer to is about the query if I grasped it

We then can put it to a test and have it properly specified. This should
make clear what the intend 
is and how it was solved.


[2014-10-09 13:38:51] pracj3am

I also experimented with different browsers. For eaxmple following URL
' "<>[]\{}|`^? "<>[]\{}|`^'

Chromium turn into
GET /%20%22%3C%3E[]/%7B%7D%7C%60%5E?%20%22%3C%3E[]\{}|`^

GET /%20%22%3C%3E%5B%5D%5C%7B%7D|%60%5E?%20%22%3C%3E[]\{}|%60^

So in the path component Chromium encodes everything except square
brackets and backslash (turned into slash). While Firefox encodes
everything but |. In the query component they are quite permitive.

Notice that not encoding square brackets was reported as bug in Firefox
and fixed recently see

Anyway I think you cannot make any harmm if you ancode all invalid


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

Edit this bug report at