> On Sun, Oct 18, 2009 at 6:09 AM, Pádraic Brady <[email protected]> > wrote: >> Presumably the secret is not a string of characters but a randomly generated >> stream of bytes. Bytes != Characters. Character encoding is not relevant.
Sorry, my initial report was bogus, I hadn't checked http://www.w3.org/TR/1999/REC-html401-19991224/interact/forms.html#h-17.13.4 It's like this: Suppose you generate a hub.secret string and it contains the hex bytes 26 66 66 66 3D 62 61 72. Well, you can't just stick those into a application/x-www-form-urlencoded message body "as bytes" without getting a nasty surprise. You have to send them as %26%66... and so on. -T
