Natalie Pendragon natpen at natpen.net
Sun May 24 18:15:59 BST 2020
- - - - - - - - - - - - - - - - - - -
GUS uses Jetforce, which unquotes queries before passing them along[1]. I'm not sure exactly what happened in your test cases Brian, buttypically I see escaped queries in the server logs (which I assume isdue to most clients automatically escaping their users' queries forthem).
[1] https://github.com/michael-lazar/jetforce/blob/b5f4235535d8eabad5a15cdf634f6d6149b37c29/jetforce/app/base.py#L64
And them from testing myself just now, when I submit a GUS query usingany of the big-name clients, I see my own query A) show up in GUSserver logs as escaped, and B) show up in the GUS query results pageas unescaped.
In the server logs, I think I found your queries, and one thing Inotice is that you're passing in pluses (`+`) for spaces, which Idon't actually think get handled by the standard quoting/unquotingmachinery (at least in Python). In Python, there's a separate`unquote_plus()` method [2] which says it is "like unquote(), but alsoreplaces plus signs by spaces, as required for unquoting HTML formvalues." So... I'm actually not sure if that's something Gemini shouldrespect, given the lack of forms.
[2] https://docs.python.org/3/library/urllib.parse.html#urllib.parse.unquote_plus
On Sun, May 24, 2020 at 04:42:42PM +0000, solderpunk wrote:
On Sun, May 24, 2020 at 06:33:56PM +0200, Brian Evans wrote:
I think it would be good to clearly state what is expected of clients and servers
regarding the escaping of querystring values for gemini.
Clients should definitely be URL escaping their queries, and servers
should be unescaping them at their end.
If this isn't done, then the thing that clients send to servers aren't
genuine, RFC-compliant URLs. I would actually expect that any server
using a URL-parsing function from a decent library would get an error
from that function if attempting to parse an unescaped URL, and would
in turn give a permanent failure status back to the Gemini client.
Yet another client torture test?
Cheers,
Solderpunk