[langsec-discuss] URL parsing

Will Sargent will.sargent at gmail.com
Sat Dec 7 19:36:06 UTC 2013


While we're on the topic of "X being broken" -- apparently URL parsing has
to be done in stages, and each segment of a URL has different parsing
rules.  And java.net.URLEncoder is only useful for HTTP form encoding, not
actual URLs.

http://blog.palominolabs.com/2013/10/03/creating-urls-correctly-and-safely/

Which means everyone using Java, over the last 20 years or so, has been
parsing URLs the wrong way.  I'm not sure there's enough face palm.

Will.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.langsec.org/pipermail/langsec-discuss/attachments/20131207/e9a14edd/attachment.html>


More information about the langsec-discuss mailing list