escape vs encodeURIComponent

[rudi-c]

The function Url.encode_arguments, uses the Javascript escape function. However, according to

http://stackoverflow.com/questions/75980/when-are-you-supposed-to-use-escape-instead-of-encodeuri-encodeuricomponent

escape is broken/deprecated and should be replaced with encodeURIComponent. One example of a difference in behavior is that escape does not encode forward slashes.

I think Url.encode_arguments should use encodeURIComponent? But I'm new to this project and not sure if there was a particular reason behind the choice of using escape.

[hhugo]

@vouillon, @balat, you probably have more knowledge than I do on this topic, can you have a look ?

[vouillon]

In OCaml, strings are sequences of bytes. Thus, we are using UTF-8 strings. So for instance, "é" is represented as the two bytes: "\xc3\xa9". We have escape("\xc3\xa9") = "%C3%A9", which is precisely what we want, while encodeURIComponent('\xc3\xa9') = "%C3%83%C2%A9" which is incorrect. Note that encodeURIComponent('é') = "%C3%A9", so we could use this function, but we would need to reencode the string into UTF-16 before that.

Forward slashes are allowed in the query component of URIs according to RFC 3986 (section 3.4).

Hence, I think we are using escape correctly here, though it is indeed easy to misuse it.

Thanks for your remark, and sorry for not replying sooner.

[bobzhang]

@vouillon @hhugo are you interested in pushing more restrictions upstream to do utf8 validation for string literals?
some relevant work: https://github.com/dbuenzli/ppx_utf8_lit

[hhugo]

I believe this has been answered