Is there a reason Rails 3 no longer URI escapes [ and ]? Example:

# Rails 2.3.5
$ script/console
Loading development environment (Rails 2.3.5)
>> app.url_for(:controller=>'sequel', 'a[b]'=>1)
=> "http://www.example.com/sequel?a%5Bb%5D=1"
>> app.url_for(:controller=>'sequel', Rack::Utils.escape('a[b]')=>1)
=> "http://www.example.com/sequel?a%255Bb%255D=1"

# Rails 3.0.0
$ rails console
Loading development environment (Rails 3.0.0)
irb(main):001:0> app.url_for(:controller=>'sequel', 'a[b]'=>1)
=> "http://www.example.com/sequel?a[b]=1"
irb(main):002:0> app.url_for(:controller=>'sequel', Rack::Utils.escape('a[b]')=>1)
=> "http://www.example.com/sequel?a%255Bb%255D=1"

I'm not sure if this is intentional or if this is a bug.  RFC 3986
(http://tools.ietf.org/rfc/rfc3986.txt) implies that [ and ] are
reserved characters in the query part of URIs.

   reserved      = gen-delims / sub-delims
   gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"

In Section 2.2 it says:

   URI producing applications should percent-encode data octets that
   correspond to characters in the reserved set unless these characters
   are specifically allowed by the URI scheme to represent data in that
   component.

The HTTP RFC (RFC 2616) references the older URI RFC (RFC 2396:
http://www.ietf.org/rfc/rfc2396.txt), which doesn't state that [ and ]
are reserved characters in the query.  But the HTTP RFC doesn't
specifically allow them either.  As it predates RFC 3986, I'm not sure
what is considered the best practice.

Obviously Rails is escaping some characters and not others, and it
isn't using Rack::Utils.escape to do the escaping.

Jeremy
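
An added example, not part of the original message and not Rails or Rack code: a strict RFC 3986 escaper for query keys and values, showing the single-escaped form, the double-encoding (`%255B`) seen in the console sessions when a key is escaped before being passed in, and a check for raw brackets in a generated URL. The function names are hypothetical and the URLs are the ones from the message.

```ruby
require 'uri'

# RFC 3986 section 2.3: only unreserved characters never need percent-encoding.
NOT_UNRESERVED = /[^A-Za-z0-9\-._~]/n

# Percent-encode every octet outside the unreserved set, so reserved
# characters such as "[" and "]" become %5B and %5D.
def rfc3986_escape(str)
  str.to_s.b.gsub(NOT_UNRESERVED) { |octet| format('%%%02X', octet.ord) }
     .force_encoding(Encoding::US_ASCII)
end

# Build a query string, escaping each key and value exactly once.
def build_query(params)
  params.map { |k, v| "#{rfc3986_escape(k)}=#{rfc3986_escape(v)}" }.join('&')
end

# Decode one level of percent-encoding, as the receiving side would.
def decode_once(str)
  URI.decode_www_form_component(str)
end

# List the bracket characters that appear unescaped in a URL's query part.
def raw_brackets_in_query(url)
  query = url.split('?', 2)[1].to_s.split('#', 2)[0].to_s
  query.scan(/[\[\]]/).uniq
end

if __FILE__ == $PROGRAM_NAME
  key = 'a[b]'
  once  = build_query(key => 1)                  # key escaped once
  twice = build_query(rfc3986_escape(key) => 1)  # caller pre-escaped the key
  puts "escaped once:  #{once}"
  puts "escaped twice: #{twice}"
  # One decode of the double-escaped key does not give back the original key.
  puts "decoded key:   #{decode_once(twice.split('=').first)}"

  # The two forms of generated URL quoted in the message.
  ['http://www.example.com/sequel?a%5Bb%5D=1',
   'http://www.example.com/sequel?a[b]=1'].each do |url|
    puts "#{url} raw brackets: #{raw_brackets_in_query(url).inspect}"
  end
end
```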
