Query Strings
Natalie Pendragon
natpen at natpen.net
Sun May 24 18:15:59 BST 2020
GUS uses Jetforce, which unquotes queries before passing them along
[1]. I'm not sure exactly what happened in your test cases Brian, but
typically I see escaped queries in the server logs (which I assume is
due to most clients automatically escaping their users' queries for
them).

[1] https://github.com/michael-lazar/jetforce/blob/b5f4235535d8eabad5a15cdf634f6d6149b37c29/jetforce/app/base.py#L64

And then from testing myself just now, when I submit a GUS query using
any of the big-name clients, I see my own query A) show up in GUS
server logs as escaped, and B) show up in the GUS query results page
as unescaped.

In the server logs, I think I found your queries, and one thing I
notice is that you're passing in pluses (`+`) for spaces, which I
don't actually think get handled by the standard quoting/unquoting
machinery (at least in Python). In Python, there's a separate
`unquote_plus()` method [2] which says it is "like unquote(), but also
replaces plus signs by spaces, as required for unquoting HTML form
values." So... I'm actually not sure if that's something Gemini should
respect, given the lack of forms.

[2] https://docs.python.org/3/library/urllib.parse.html#urllib.parse.unquote_plus

On Sun, May 24, 2020 at 04:42:42PM +0000, solderpunk wrote:
> On Sun, May 24, 2020 at 06:33:56PM +0200, Brian Evans wrote:
>
> > I think it would be good to clearly state what is expected of clients and servers
> > regarding the escaping of querystring values for gemini.
>
> Clients should definitely be URL escaping their queries, and servers
> should be unescaping them at their end.
>
> If this isn't done, then the things that clients send to servers aren't
> genuine, RFC-compliant URLs. I would actually expect that any server
> using a URL-parsing function from a decent library would get an error
> from that function if attempting to parse an unescaped URL, and would
> in turn give a permanent failure status back to the Gemini client.
>
> Yet another client torture test?
>
> Cheers,
> Solderpunk
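
Added example, not part of the original thread and not code from GUS or Jetforce: the two Python decoders discussed above applied to the same Gemini queries, showing where a client that sends `+` for a space and a server that only percent-decodes end up with different strings. The host `example.org` and the helper names `encode_query` and `decode_query` are assumptions made for this illustration.

```python
from urllib.parse import quote, unquote, unquote_plus, urlsplit


def encode_query(text):
    """Client side: percent-encode user input, so a space becomes %20
    and a literal plus becomes %2B (nothing is left as a bare '+')."""
    return quote(text, safe="")


def decode_query(url, plus_as_space=False):
    """Server side: extract and decode the query of a request URL.

    plus_as_space=False uses unquote() (percent-decoding only).
    plus_as_space=True uses unquote_plus() (HTML form convention).
    """
    raw = urlsplit(url).query
    if " " in raw:
        # An unescaped space means the client did not send a valid URL.
        raise ValueError("query is not percent-encoded")
    return unquote_plus(raw) if plus_as_space else unquote(raw)


if __name__ == "__main__":
    base = "gemini://example.org/search?"  # constructed sample host
    samples = [
        "gemini%20protocol",  # client escaped the space
        "gemini+protocol",    # client used the form-style plus
        "c%2B%2B",            # client escaped a literal plus
        "c++",                # literal plus sent unescaped
    ]
    for raw in samples:
        plain = decode_query(base + raw)
        form = decode_query(base + raw, plus_as_space=True)
        print(f"{raw!r:22} unquote={plain!r:20} unquote_plus={form!r}")
    print(encode_query("c++ & rust"))
```

A client that always escapes with `encode_query` produces queries that both decoders read identically; the two only disagree when a bare `+` reaches the server.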