[ACCEPTED]-HTTP URL - allowed characters in parameter names-specifications
There are no restrictions on escaped parameter 4 names in the URI specs. There might be restrictions 3 in the server-side software that you use, though. This 2 is especially true if you use “homemade” scripts 1 to interpret URIs.
There are reserved characters for URLs, but 9 as long as you escape (urlencode) then you 8 should be fine.
Depending on the framework 7 used, you may get exceptions if you try 6 to submit suspicious values. ASP.NET has 5 content filtering that will throw exceptions 4 if you try to submit "unsafe" data, like 3 scripts or HTML. That's a feature of the 2 framework though rather than a limitation 1 or rule enforced by the URL syntax.
Per RFC 2396, the parameter names and values can 3 contain upper/lower case letters, decimal 2 digits, and -_.!~*'() characters. Everything 1 else needs to be escaped.
More Related questions
We use cookies to improve the performance of the site. By staying on our site, you agree to the terms of use of cookies.