Is a colon `:` safe for friendly-URL use?

by

I recently wrote a URL encoder, so this is pretty fresh in my mind.

http://site/gwturl#user:45/comments

All the characters in the fragment part (user:45/comments) are perfectly legal for RFC 3986 URIs.

The relevant parts of the ABNF:

fragment      = *( pchar / "/" / "?" )
pchar         = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded   = "%" HEXDIG HEXDIG
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
                 / "*" / "+" / "," / ";" / "="

Apart from these restrictions, the fragment part has no defined structure beyond the one your application gives it. The scheme, http, only says that you don’t send this part to the server.

EDIT:

D’oh!

Despite my assertions about the URI spec, irreputable provides the correct answer when he points out that the HTML 4 spec restricts element names/identifiers.

Note that identifier rules are changing in HTML 5. URI restrictions will still apply (at time of writing, there are some unresolved issues around HTML 5’s use of URIs).

More Related Contents:

  1. What are the safe characters for making URLs?
  2. Why do some websites add “Slugs” to the end of URLs? [closed]
  3. How to get Url Hash (#) from server side
  4. URL encoding the space character: + or %20?
  5. Get fragment (value after hash ‘#’) from a URL [closed]
  6. Does a `+` in a URL scheme/host/path represent a space?
  7. Get the subdomain from a URL
  8. Is there a way to change the browser’s address bar without refreshing the page?
  9. When should I use a trailing slash in my URL?
  10. slashes in url variables
  11. Should URL be case sensitive?
  12. What does a dot mean in a URL path?
  13. Passing parameter via url to sql server reporting service
  14. url with multiple forward slashes, does it break anything?
  15. What’s the best way to get the current URL in Spring MVC?
  16. Encoding of XHTML and & (ampersand)
  17. delete version number in url
  18. A url resource that is a dot (%2E)
  19. What is %2C in a URL?
  20. PathLocationStrategy vs HashLocationStrategy in web apps
  21. Passing a parameter via URL to SQL Server Reporting Services
  22. Add parameters to the URL (redirect) via a Greasemonkey/Tampermonkey/Userscript
  23. How do I choose the URL for my Spring Boot webapp?
  24. Node.js – How can I remove the port from the url? [closed]
  25. What is the definition of an absolute URL (fully qualified?)
  26. Tomcat session management – url rewrite and switching from http to https
  27. Different result when using GET/POST in elastic search
  28. GitHub source dynamic navigation
  29. Does VBA have any built in URL decoding?
  30. Is array syntax using square brackets in URL query strings valid?

Leave a Comment