[ACCEPTED]-HTTP URL - allowed characters in parameter names-specifications

Accepted answer
Score: 13

There are no restrictions on escaped parameter 4 names in the URI specs. There might be restrictions 3 in the server-side software that you use, though. This 2 is especially true if you use “homemade” scripts 1 to interpret URIs.

Score: 8

You should also read RFC2396. It seems to be more 1 informative than RFC3986.

Score: 2

There are reserved characters for URLs, but 9 as long as you escape (urlencode) then you 8 should be fine.

Depending on the framework 7 used, you may get exceptions if you try 6 to submit suspicious values. ASP.NET has 5 content filtering that will throw exceptions 4 if you try to submit "unsafe" data, like 3 scripts or HTML. That's a feature of the 2 framework though rather than a limitation 1 or rule enforced by the URL syntax.

Score: 1

Per RFC 2396, the parameter names and values can 3 contain upper/lower case letters, decimal 2 digits, and -_.!~*'() characters. Everything 1 else needs to be escaped.

More Related questions