Are URIs (specifically HTTP URLs) allowed to have a space in them? If they must be encoded, is '+' just a commonly followed convention, or a legitimate alternative? Thanks!
EDIT: Can someone point to an RFC indicating that a URL with a space must be encoded?
joe
Have not seen that. Perhaps you can configure the web server to accept that...
Urls should not have spaces in them. If you need to address one that does, use its encoded value of %20
Here is a great page that shows you how things get encoded using a number of different technologies.
http://andrewu.co.uk/tools/uriencoder/
To answer your question. I would say it's fairly common for applications to replace spaces in values that will be used in URLs. The reason for this is ussually to avoid the more difficult to read percent (URI) encoding that occurs.
Check out this wikipedia article about Percent-encoding.
URLs are defined in RFC 3986, though other RFCs are relevant as well but RFC 1738 is obsolete.
They may not have spaces in them, along with many other characters. Since those forbidden characters often need to be represented somehow, there is a scheme for encoding them into a URL by translating them to their ASCII hexadecimal equivalent with a "%" prefix.
Most programming languages/platforms provide functions for encoding and decoding URLs, though they may not properly adhere to the RFC standards. For example, I know that PHP does not.
As per RFC 1738:
Unsafe:
Characters can be unsafe for a number of reasons. The space character is unsafe because significant spaces may disappear and insignificant spaces may be introduced when URLs are transcribed or typeset or subjected to the treatment of word-processing programs. The characters "<" and ">" are unsafe because they are used as the delimiters around URLs in free text; the quote mark (""") is used to delimit URLs in some systems. The character "#" is unsafe and should always be encoded because it is used in World Wide Web and in other systems to delimit a URL from a fragment/anchor identifier that might follow it. The character "%" is unsafe because it is used for encodings of other characters. Other characters are unsafe because gateways and other transport agents are known to sometimes modify such characters. These characters are "{", "}", "|", "\", "^", "~", "[", "]", and "`".
All unsafe characters must always be encoded within a URL. For example, the character "#" must be encoded within URLs even in systems that do not normally deal with fragment or anchor identifiers, so that if the URL is copied into another system that does use them, it will not be necessary to change the URL encoding.
Shorter answer: no, you must encode a space; it is correct to encode a space as +, but only in the query string; in the path you must use %20.
Why does it have to be encoded? A request looks like this:
GET /url HTTP/1.1
(Ignoring headers)
There are 3 fields separated by a white space. If you put a space in your url:
GET /url end_url HTTP/1.1
You know have 4 fields, the HTTP server will tell you it is an invalid request.
GET /url%20end_url HTTP/1.1
3 fields => valid
Note: in the query string (after ?), a space is usually encoded as a +
GET /url?var=foo+bar HTTP/1.1
rather than
GET /url?var=foo%20bar HTTP/1.1
Can someone point to an RFC indicating that a URL with a space must be encoded?
URIs, and thus URLs, are defined in RFC 3986.
If you look at the grammar defined over there you will eventually note that a space character never can be part of a syntactically legal URL, thus the term "URL with a space" is a contradiction in itself.