如何编码“..”用于URL路径？

Question

I'm trying to construct a URL with something like:

var myUrl = '/path/to/api/' + encodeURIComponent(str);

But if str is .. then your browser automatically lops off a path segment so that the URL becomes /path/to which is not what I want.

I've tried encoding .. as %2E%2E but your browser still re-interprets it before the request is sent. Is there anything I can do to have path actually come through to my server as /path/to/api/.. ?

Answer 1

I believe this is not supported because the behaviour would violate RFC 3986 .

From Section 2.3. Unreserved Characters (emphasis mine):

Characters that are allowed in a URI but do not have a reserved purpose are called unreserved. These include uppercase and lowercase letters, decimal digits, hyphen, period, underscore, and tilde.

  unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" 

URIs that differ in the replacement of an unreserved character with its corresponding percent-encoded US-ASCII octet are equivalent: they identify the same resource. However, URI comparison implementations do not always perform normalization prior to comparison (see Section 6). For consistency, percent-encoded octets in the ranges of ALPHA (%41-%5A and %61-%7A), DIGIT (%30-%39), hyphen (%2D), period (%2E) , underscore (%5F), or tilde (%7E) should not be created by URI producers and, when found in a URI, should be decoded to their corresponding unreserved characters by URI normalizers .

From Section 6.2.2.3. Path Segment Normalization (emphasis mine):

The complete path segments "." and ".." are intended only for use within relative references (Section 4.1) and are removed as part of the reference resolution process (Section 5.2). However, some deployed implementations incorrectly assume that reference resolution is not necessary when the reference is already a URI and thus fail to remove dot-segments when they occur in non-relative paths. URI normalizers should remove dot-segments by applying the remove_dot_segments algorithm to the path, as described in Section 5.2.4. ):

Answer 2

I've actually done similar by double encoding the text, then un-encoding it on the server back end. However, mine were query parameters, not part of the path.

PS. This is written on my phone, I'll add an example later.

Answer 3

Seeing as there's no solution , there's not much we can do but error:

export function encodeUriComponent(str) {
    if(str === '.' || str === '..') {
        throw new Error(`Cannot URI-encode "${str}" per RFC 3986 §6.2.2.3`)
    }
    return encodeURIComponent(str);
}

I feel that this is a better option than arbitrarily modifying the URL path which is exactly what I was trying to avoid by using encodeURIComponent .