2

I have an app which gets launched on a custom URI which looks like myapp://whatever/something

There is a HTML page which has a href link as this -> myapp://whatever/?x=abc;y=pqr; When this is clicked in chrome, myapp gets the URL myapp://whatever/?x=abc%3By%3Dpqr%3B, the URL gets encoded However when I click on the same link on the default Internet browser - no encoding is done. It gets the original URL -> myapp://whatever/?x=abc;y=pqr;

What is the correct behavior?

I tried this using Chrome 38.0.2125.114 on Android 4.4.3. Also, I think earlier versions of Chrome didn't do this, but not so sure.

user93353
  • 13,733
  • 8
  • 60
  • 122
jauser12345
  • 21
  • 1
  • 1
    IMO the correct behavior is for you to escape URIs before presenting them for usage. Why rely on anyone/anything else to do what you know should be done? –  Nov 05 '14 at 05:04
  • @JeremyMiller - I don't want the URI escaped. And the default browser on Android (Internet) doesn't do it. Chrome does it and does it half. Also the question was what is the correct behavior for the browser on encountering a URI which is as explained in the question. – jauser12345 Nov 05 '14 at 05:33

1 Answers1

2

Treatment of semicolons in URLs isn't totally consistent, so your best approach is to escape your URL correctly and unambiguously.

If you intend to set a single query parameter of x to the value abc;y=pqr; then the escaped form is correct:

?x=abc%3By%3Dpqr%3B

However, if you intend separate parameters then & would be a better choice for interoperability. If you want to specify x as abc and y as pqr then you should specify this as:

?x=abc&y=pqr

As you've seen, browser behaviour is not predictable with unescaped semicolons, so avoid them.

Joe
  • 29,416
  • 12
  • 68
  • 88
  • But should the browser escape the parameters at all? Is there any standard around that - because on Android, Chrome does it and the default Internet Browser does not. – user93353 Nov 05 '14 at 15:26
  • Also, W3C says "We recommend that HTTP server implementors, and in particular, CGI implementors support the use of ";" in place of "&" to save authors the trouble of escaping "&" characters in this manner." So the whole point of using ";" is to avoid escaping - so why is Chrome escaping the semicolon. – user93353 Nov 05 '14 at 15:39
  • Browsers in general do not respect that recommendation. Specifically, in Chrome, [semicolons not recognized as query string delimiter](https://code.google.com/p/chromium/issues/detail?id=37397). – Joe Nov 06 '14 at 08:55