Hex digits in URL encoding should be upper-case #2281
Implementing this change would bring the NSE implementation in line with browser behavior but, more importantly, there are real-world web servers, such as Tridium Niagara, that do not properly parse lower-case hexadecimal digits.
The code change is trivial, but the function is very widely used throughout the NSE code base so it deserves an opportunity for discussion. If no objections are raised then the following patch will be committed in early May:
--- a/nselib/url.lua +++ b/nselib/url.lua @@ -58,7 +58,7 @@ end local function hex_esc (c) - return string.format("%%%02x", string.byte(c)) + return string.format("%%%02X", string.byte(c)) end -- these are allowed within a path segment, along with alphanum
The text was updated successfully, but these errors were encountered: