查询字符串退化情况 [英] Query string degenerate cases

查看:136
本文介绍了查询字符串退化情况的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在寻找一个正确的regualr表达式来验证URI查询字符串。我找到了一些答案这里在哪里但我仍然对边缘情况有疑问,其中键或值可能为空。例如,应将以下内容视为有效查询字符串吗?

I am looking around looking for a correct regualr expression for validating URI query strings. I found some answers here or here but I still have doubts on the edge cases, where the key or the value could be empty. For example, should be the following treated as valid query strings?

?&&
?=
?a=
?a=&
?=a
?&=a


推荐答案


我正在寻找[有效] URI查询字符串的正确正则表达式。

I am looking [...] for a correct regular expression for [valid] URI query strings.

当然,没有问题。根据 RFC 3986,附录B ,这里是:

Sure thing, no prob. As per RFC 3986, appendix B, here it is:

^([^#]*)$

如果你想要更精细的东西,你可以检查第3.4节,除了百分比编码实体外,还允许使用其他字符。正则表达式看起来像这样:

If you want something more elaborate, you can check section 3.4 for the allowed characters in addition to percent-encoded entities. The regex would look something like this:

^(%[[:xdigit:]]{2}|[[:print:]])*$

就RFC 3986而言,到目前为止,您的所有示例都是有效的。 RFC告诉我们查询字符串必须如何编码,而几乎没有说明查询字符串必须如何结构化。较旧的RFC不断地在CGI和HTTP之间转换查询字符串结构的权限,而无需正式指定语法(参见例如 RFC 3875,sec.4.1.7 RFC 2396,sec.3.4 RFC 1808,sec.2.1 ,…)。

As far as RFC 3986 is concerned, all your examples are valid so far. The RFC is telling us how the query string has to be encoded while saying little about how the query string has to be structured. Older RFCs are continuously shifting authority over the structure of query strings between CGI and HTTP without ever formally specifying a grammar (see e.g. RFC 3875, sec. 4.1.7, RFC 2396, sec. 3.4, RFC 1808, sec. 2.1, …).

可以在 RFC 7230,第2.4节


应用程序不能直接指定查询的语法,因为这可能导致不支持特定形式的查询的部署的操作困难。
[…]
HTML 约束表单提交中使用的查询字符串的语法。新的表单语言不应该模仿它,而是允许创建更多种类的URI

Applications MUST NOT directly specify the syntax of queries, as this can cause operational difficulties for deployments that do not support a particular form of a query. […] HTML constrains the syntax of query strings used in form submission. New form languages SHOULD NOT emulate it, but instead allow creation of a broader variety of URIs

对这些查询字符串进行完整的有效性检查,你必须实现 W3C推荐的用于解码formdata的算法。可以在正则表达式中完成,但出于理智的原因我会反对它。

For a full validity check on such query strings, you would have to implement the algorithm for decoding formdata recommended by the W3C. Could be done in regex, but I would advise against it for reasons of sanity.

关于你的例子:我相信它们都是有效的。如何解释它们应留给接收应用程序。有些并不像你想象的那样边缘,但是:?&& 只是一个空字典,而?= a 可以映射到 {:a}

With regard to your examples: I believe they are all valid. How they are interpreted should be left to the receiving application. Some are not as much of a fringe case as you may think, though: ?&& is simply an empty dictionary while ?=a could map to { "": "a" }.

这篇关于查询字符串退化情况的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆