Women in Technology

Hear us Roar

  A Canary Trap for URI Escaping
Subject:   Sounds like a work-around
Date:   2006-06-04 10:40:22
From:   BasSchulte
Response to: Sounds like a work-around

Escaping/unescaping, encoding/decoding, same thing.
Full Threads Oldest First

Showing messages 1 through 2 of 2.

  • Escaping vs Encoding.
    2006-06-05 21:09:34  Robert Spier | O'Reilly Author [View]

    Not at all. To oversimplify, Encoding is about what the bits mean. Escaping is about marking certain character sequences that have special meaning.
    • Escaping vs Encoding.
      2006-07-31 12:55:50  rdeforest [View]

      I agree with BasSchulte - Escaping is a kind of Encoding. Both are ways of translating between one symbol system and another. Escaping is a the subset of encodinng where the contents are enveloped within the target coding. It is irrelevant that escaping uses prefixes to tag metacharachters. The problem (over-encoding) can still exist in other contexts.

      I like the idea of adding a 'canary' to detect over-coding, but I would prefer to use something more robust, like a CRC and I don't like the idea of using it to determine when to stop decoding.

      In the multiple redirect situation described in the article, I would prefer to fix the root problem: the redirects should not have been re-escaping the original data. This canary solution just hides the problem.