[Users] [Bug 4034] URLs with square brackets are shortened

Dave Howorth dave at howorth.org.uk
Sun Jun 10 15:16:44 CEST 2018 

On Sun, 10 Jun 2018 13:47:24 +0200
Michal Suchánek <msuchanek at suse.de> wrote:

> On Sat, 09 Jun 2018 19:48:13 +0000
> noreply at thewildbeast.co.uk wrote:
> 
> > https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4034
> > 
> > Andrej Kacian <andrej at kacian.sk> changed:
> > 
> >            What    |Removed                     |Added
> > ----------------------------------------------------------------------------
> >              Status|NEW                         |RESOLVED
> >          Resolution|---                         |INVALID
> > 
> > --- Comment #1 from Andrej Kacian <andrej at kacian.sk> ---
> > Square brackets should not be used like this in an URL. Looks like
> > people at frankfurt.de should have a look at RFC 3986, where in
> > section 3.2.2, it says:
> > 
> >   A host identified by an Internet Protocol literal address,
> > version 6 [RFC3513] or later, is distinguished by enclosing the IP
> > literal within square brackets ("[" and "]").  This is the only
> > place where square bracket characters are allowed in the URI syntax.
> > 
> > https://tools.ietf.org/html/rfc3986#section-3.2.2
> >   
> 
> I suppose this came about together with IPv6 and software that
> predates widespread use of IPv6 including this very bugzilla instance
> happily includes the square brackets in the URL.

Square brackets were explicitly disallowed in the original URL spec:
https://www.w3.org/Addressing/URL/url-spec.txt

The new spec is MORE lenient, not less, in that it allows them for a
very specific purpose. The Frankfurt 'URL' is wrong and is correctly
dealt with by Claws IMHO.

> The basic rule of the internet protocol processing should be "Be
> strict in what you send and be lenient in what you accept." Hence for
> compatibility with existing systems you should accept square brackets
> as part of the URL. If you want to be super correct you can encode
> them in the URL you pass over to the web browser. Seems to work with
> the Frankfurt site all right. 

Any system sending square brackets is advertising that it is broken.
Perhaps malicious. So best not to try to 'handle' it at all.

> Thanks
> 
> Michal
> _______________________________________________
> Users mailing list
> Users at lists.claws-mail.org
> https://lists.claws-mail.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list