Message 385332 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	vstinner
Recipients	AdamGold, vstinner
Date	2021-01-20.11:07:32
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1611140852.58.0.815112509408.issue42967@roundup.psfhosted.org>
In-reply-to

Content
Oops, I missed this issue. I just marked my bpo-42975 issue as a duplicate of this one. My message: urllib.parse.parse_qsl() uses "&" and ";" as separators: >>> urllib.parse.parse_qsl("a=1&b=2&c=3") [('a', '1'), ('b', '2'), ('c', '3')] >>> urllib.parse.parse_qsl("a=1&b=2;c=3") [('a', '1'), ('b', '2'), ('c', '3')] But the W3C standards evolved and now suggest against considering semicolon (";") as a separator: https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#url-encoded-form-data "This form data set encoding is in many ways an aberrant monstrosity, the result of many years of implementation accidents and compromises leading to a set of requirements necessary for interoperability, but in no way representing good design practices. In particular, readers are cautioned to pay close attention to the twisted details involving repeated (and in some cases nested) conversions between character encodings and byte sequences." "To decode application/x-www-form-urlencoded payloads (...) Let strings be the result of strictly splitting the string payload on U+0026 AMPERSAND characters (&)." Maybe we should even go further in Python 3.10 and only split at "&" by default, but let the caller to opt-in for ";" separator as well.

Oops, I missed this issue. I just marked my bpo-42975 issue as a duplicate of this one.

My message:

urllib.parse.parse_qsl() uses "&" *and* ";" as separators:

>>> urllib.parse.parse_qsl("a=1&b=2&c=3")
[('a', '1'), ('b', '2'), ('c', '3')]
>>> urllib.parse.parse_qsl("a=1&b=2;c=3")
[('a', '1'), ('b', '2'), ('c', '3')]

But the W3C standards evolved and now suggest against considering semicolon (";") as a separator:

https://www.w3.org/TR/2014/REC-html5-20141028/forms.html#url-encoded-form-data

"This form data set encoding is in many ways an aberrant monstrosity, the result of many years of implementation accidents and compromises leading to a set of requirements necessary for interoperability, but in no way representing good design practices. In particular, readers are cautioned to pay close attention to the twisted details involving repeated (and in some cases nested) conversions between character encodings and byte sequences."

"To decode application/x-www-form-urlencoded payloads (...) Let strings be the result of strictly splitting the string payload on U+0026 AMPERSAND characters (&)."

Maybe we should even go further in Python 3.10 and only split at "&" by default, but let the caller to opt-in for ";" separator as well.

History
Date	User	Action	Args
2021-01-20 11:07:32	vstinner	set	recipients: + vstinner, AdamGold
2021-01-20 11:07:32	vstinner	set	messageid: <1611140852.58.0.815112509408.issue42967@roundup.psfhosted.org>
2021-01-20 11:07:32	vstinner	link	issue42967 messages
2021-01-20 11:07:32	vstinner	create