确定在查询字符串之前跳过斜线? [英] OK to skip slash before query string?
问题描述
在附加查询字符串时总是跳过尾部斜杠是否安全?
也就是说,我可以使用
http://example.com?querystring代替:
http://example.com/?querystring?我使用过的所有虚拟主机都支持此方法,但假设所有服务器环境都支持此方法是否安全?标准吗?
没有.跳过斜线是不正确的.它可能适用于现代浏览器:但是,这并不正确.
请参阅 RFC1738 - URL 和RFC2396 - URI.
符合 RFC1738 的格式(我在此处排除了架构格式):
<块引用><块引用>//<用户>:<密码>@<主机>:<端口>/
接着要注意的是:
<块引用><块引用>...主机(或端口)和 url-path 之间的/"不是 url-path 的一部分.
在这种情况下,?"是 url-path 的一部分
<块引用><块引用>...取决于所使用的方案,以及解释方案的方式.
另请注意,根据规范,省略/url-path"是完全有效的——请注意,/"已明确包含在这种情况下.
因此,foo.com?bar"是无效的,因为在 url-path 之前没有/".
Is it safe to always skip the trailing slash when appending a query string?
That is, can I use
http://example.com?querystring
instead of:
http://example.com/?querystring
? All webhosts I've used support this but is it safe to assume that all server environments will support this method? Is it standard?
No. It is not correct to skip the slash. It may work modern browsers: however, that does not make it correct.
See RFC1738 - URL and RFC2396 - URI.
The format per RFC1738 (I have excluded the schema format here):
//<user>:<password>@<host>:<port>/<url-path>
And it goes on to note that:
...the "/" between the host (or port) and the url-path is NOT part of the url-path.
In this case the "?" is part of the url-path which
...depends on the scheme being used, as does the manner in which it is interpreted.
Also note that, per specification, it is perfectly valid to omit "/url-path" -- note that the "/" has been explicit included in this case.
Thus, "foo.com?bar" is invalid because there is no "/" before the url-path.
这篇关于确定在查询字符串之前跳过斜线?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
