Standardize encoding of incoming URLs in makeRequest

0 views
Skip to first unread message

Chad Russell

unread,
Apr 18, 2008, 6:19:08 PM4/18/08
to opensocial-an...@googlegroups.com

I’d like to propose that we standardize how URLs are passed into makeRequest.  Can we formalize that all incoming URLs/parameters are completely unescaped/unencoded and the container is responsible for all encoding?

 

Thanks,

Chad Russell

crus...@myspace.com

 

 

Brian Eaton

unread,
Apr 18, 2008, 6:28:15 PM4/18/08
to opensocial-an...@googlegroups.com
On Fri, Apr 18, 2008 at 3:19 PM, Chad Russell <crus...@myspace.com> wrote:
> I'd like to propose that we standardize how URLs are passed into
> makeRequest. Can we formalize that all incoming URLs/parameters are
> completely unescaped/unencoded and the container is responsible for all
> encoding?

No. URLs without URL encoding are inherently ambiguous, the container
has no way to know how to properly encode them. Example:

Unencoded: http://www.example.com?foo=bar&baz=quux

That can be encoded several different ways. Maybe the developer meant
to pass parameters like foo=bar followed by baz=quux, or maybe they
meant to say that the parameter named 'foo' has the value
bar&baz=quux. The only way to disambiguate the request is for the
developer to do the encoding themselves.

I assume there is a specific problem that led to this proposal - can
you describe the problem so we can see if there is a better way to
address the issue?

Cheers,
Brian

Chad Russell

unread,
Apr 18, 2008, 6:33:31 PM4/18/08
to opensocial-an...@googlegroups.com
Sounds good Brian, good counter-example, can we standardize on always
encoded then and the container doesn't touch it?

We've just noticed that some apps are encoding some things, other apps
aren't encoding at all, etc, and it'd be nice to standardize in some way
rather than guess what needs to be done.

Thanks,
Chad

Brian Eaton

unread,
Apr 18, 2008, 7:23:45 PM4/18/08
to opensocial-an...@googlegroups.com
On Fri, Apr 18, 2008 at 3:33 PM, Chad Russell <crus...@myspace.com> wrote:
> Sounds good Brian, good counter-example, can we standardize on always
> encoded then and the container doesn't touch it?

No, we can't do that either. =) OAuth signing requires changing the encoding.

> We've just noticed that some apps are encoding some things, other apps
> aren't encoding at all, etc, and it'd be nice to standardize in some way
> rather than guess what needs to be done.

The algorithm in Shindig for non-OAuth is for the gadget server to not
touch the request encoding, I think.

For OAuth we decode and then reencode, and I think that has to happen.

Cassie

unread,
Apr 21, 2008, 6:49:47 AM4/21/08
to opensocial-an...@googlegroups.com
Note: I don't see a spec change here yet, so not recoding a proposal. If one should be taking place simply respond to this thread.
Thanks!

- Cassie
Reply all
Reply to author
Forward
0 new messages