
chocoelho
Member

No description provided.

chocoelho added 2 commits May 14, 2015 11:44
Following this RFC standard: http://tools.ietf.org/html/rfc2396#section-2.3

Signed-off-by: Carlos Oliveira <carlospecter@gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr@gmail.com>
Signed-off-by: Carlos Oliveira <carlospecter@gmail.com>
Signed-off-by: Luciano Prestes <lucianopcbr@gmail.com>
@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling 87d18a0 on carloshfoliveira:unreserved_safe into 3bd895d on TracyWebTech:master.

@seocam
Contributor

seocam commented May 14, 2015

Cool! Tests should be implemented on test_request.py instead of test_views.py.

@chocoelho
Member Author

Yeah, but we thought that since the changes we made were on views.py, implementing them on test_views.py made sense.

@seocam
Contributor

seocam commented May 14, 2015

Nginx currently ONLY escapes: " ", "#", "%", "?", "\x1F", "\x7F"
Apache HTTP Server DOESN'T escape: $-_.+!*'(),:@&=/~"

Currently we are doing none of those. I'm working on finding a good set of chars.

@chocoelho
Member Author

So, the best approach will be defining another charset instead of the unreserved ones that might cover both cases?

@seocam
Contributor

seocam commented May 14, 2015

@carloshfoliveira the best approach is the one you used. ;) I'm just concerned about which strings we should consider to be safe.

@seocam
Contributor

seocam commented May 14, 2015

@carloshfoliveira let's go for the nginx implementation.

Instead of defining the unreserved inside the class it's better to create a constant QUOTE_SAFE just after the imports and use it on the quote function.

QUOTE_SAFE = '<.;>\(}*+|~=-$/_:^@)[{]&\'!,"'`

This is basically string.punctuation without #, ? and %.

You can also use this link as reference instead of the RFC: https://github.com/nginx/nginx/blob/nginx-1.9/src/core/ngx_string.c#L1433-L1449
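
An added example, not code from this pull request or from the project: it rebuilds a safe set from the description above ("string.punctuation without #, ? and %") and compares it with the default behaviour of Python 3's `urllib.parse.quote`. The function names and sample paths are constructed for illustration.

```python
import string
from urllib.parse import quote

# Assumption: rebuilt from the thread's description ("string.punctuation
# without #, ? and %"), not copied from the project's source.
ALWAYS_ESCAPE = "#?%"
QUOTE_SAFE = "".join(c for c in string.punctuation if c not in ALWAYS_ESCAPE)


def quote_upstream_path(decoded_path):
    """Percent-encode an already-decoded path before forwarding it upstream.

    Only characters outside QUOTE_SAFE and outside [A-Za-z0-9] are encoded,
    so space, '#', '?', '%' and control bytes are escaped while other
    punctuation passes through untouched.
    """
    return quote(decoded_path, safe=QUOTE_SAFE)


def changed_by_default_quote(decoded_path):
    """Return the characters that quote()'s default safe='/' would encode
    but the wider safe set leaves alone, i.e. where the two disagree."""
    return sorted({c for c in decoded_path
                   if quote(c) != c and quote(c, safe=QUOTE_SAFE) == c})


# Constructed sample paths, as a proxy would see them after URL decoding.
SAMPLES = [
    "/file;v=1/(x)@host:8080",   # sub-delims, ':' and '@' stay literal
    "/a b/c#d?e%f",              # the characters that are always escaped
    "/ctl\x1f\x7f",              # control bytes
    "/a%2Fb",                    # caveat: input must be decoded exactly once
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(repr(path))
        print("  default quote():", quote(path))
        print("  wider safe set :", quote_upstream_path(path))
        print("  differs on     :", changed_by_default_quote(path))
```

The last sample shows why the input has to be decoded exactly once: a literal `%2F` in the path is re-encoded as `%252F`, so the upstream would see a different resource than the client requested.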

@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling bc07ce1 on carloshfoliveira:unreserved_safe into 3bd895d on TracyWebTech:master.

Signed-off-by: Lucas Kanashiro <kanashiro.duarte@gmail.com>
Signed-off-by: Luciano Prestes Cavalcanti <lucianopcbr@gmail.com>
@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling 68c3f1e on carloshfoliveira:unreserved_safe into 3bd895d on TracyWebTech:master.


@seocam seocam added the bug label May 18, 2015
seocam added a commit that referenced this pull request May 18, 2015
Set to do not escape unreserved characters
@seocam seocam merged commit c8662f1 into jazzband:master May 18, 2015