[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_proxy_html and special characters

On Fri, May 25, 2018 at 11:57 AM, Eric Covener <covener@xxxxxxxxx> wrote:
> <a href="" href="http://internal/!%22%23$/" rel="noreferrer" target="_blank">http://internal/!%22%23$/">A link with special characters</a>

> ProxyHTMLURLMap "http://internal/!\"#$/" "http://external/!\"#$/"

> Is it reasonable to expect mod_proxy_html to rewrite URL encoded URLs as
> well?

IMO no, I don't think the literals in the first argument should be
expected to match the URL-encoded content

Agreed that the pattern above should only match and pass (or reflect,
in a rewrite case) a literal '#' for a fragment. If you mean %23, don't 
write it as '#'.

The %-enc should be retained, and matched distinctly, unless their 
plaintext is equivalent, e.g. meets none of the sub-delim or delim or
restricted set. Which must therefore include %25, % encoded '%' itself.
Any %41 or 'A' are equivalent because their definition is an identity.
But I don't know that you can use %41 in the match pattern as we
would not decode that, and you likely can force any result to contain 
a %41.

This is not well handled in general, there are ideas floating around,
but since there is no committee interest beyond 2.4.x and complete
division of opinion on how anything >2.4.x would be managed, it
looks most practical to clearly document existing observed behavior.