Re: url protection

[Patrice Dumas]

Hello,

Answering to myself, the protection of URL actually does not mean
protecting all the characters, as the : of the scheme, / as path
separator should be left as is, and parts already %-escaped should also
be left as is.  After some thinking, maybe the best, in @url, @email and
@image would be to protect only non reserved and non unreserved
characters, and not protect % either, like
  $result_string =~ s/([^^A-Za-z0-9\-_.!~*'()\$&+,\/:;=\?@\[\]%])/ sprintf 
"%%%02x", ord $1 /eg;
Such that if urls are given they are not % encoded.  We also could do
something different for @image and @url.



On Wed, Aug 03, 2022 at 03:26:08PM +0200, Patrice Dumas wrote:
> Hello,
> 
> In general, hrefs generated by texi2any to Texinfo manuals, be it the
> current manual or external manual, only contain ascii characters
> acceptable in hrefs.  However, for some other href, for <img> file
> names, or from @url{}, there could be any characters.
> 
> I think that it would be cleaner to percent encode those hrefs.  I tries
> to read the URL specification, https://url.spec.whatwg.org/, but I could
> not understand much, and there is no exposition at all, only pseudo
> code.
> 
> My proposal would be to follow the perl faq,
> https://perldoc.perl.org/perlfaq9#How-do-I-decode-or-create-those-%25-encodings-on-the-web?
> To encode a string yourself, use the URI::Escape module. The uri_escape 
> function returns the escaped string
> 
> This would add the URI::Escape module as dependency.  This is a rather
> common module, but it does not seems to be in perl core.  To me
> documenting that the module is needed should be enough.
> 
> The standard does not seems to clear on the encoding to use for the %
> encodings.  URI::Escape has uri_escape() and uri_escape_utf8.  My
> feeling is that the best would be to use first encode to the output
> encoding and then call URI::Escape uri_escape().
> 
> 
> Any comment?
> 
> -- 
> Pat
>