Is a URI (specifically an HTTP URL) allowed to contain one or more space characters? If a URL must be encoded, is +
just a commonly followed convention, or a legitimate alternative?
In particular, can someone point to an RFC that indicates that a URL with a space must be encoded?
Motivation for question: While beta-testing a web site, I noted that some URLs were constructed with spaces in them. Firefox seemed to do the right thing, which surprised me! But I wanted to be able to point the developers to an RFC so that they would feel the need to fix those URLs.
As per RFC 1738:
Unsafe:
Characters can be unsafe for a number of reasons. The space character is unsafe because significant spaces may disappear and insignificant spaces may be introduced when URLs are transcribed or typeset or subjected to the treatment of word-processing programs. The characters
"<"
and">"
are unsafe because they are used as the delimiters around URLs in free text; the quote mark ("""
) is used to delimit URLs in some systems. The character"#"
is unsafe and should always be encoded because it is used in World Wide Web and in other systems to delimit a URL from a fragment/anchor identifier that might follow it. The character"%"
is unsafe because it is used for encodings of other characters. Other characters are unsafe because gateways and other transport agents are known to sometimes modify such characters. These characters are"{"
,"}"
,"|"
,"\"
,"^"
,"~"
,"["
,"]"
, and"`"
.All unsafe characters must always be encoded within a URL. For example, the character
"#"
must be encoded within URLs even in systems that do not normally deal with fragment or anchor identifiers, so that if the URL is copied into another system that does use them, it will not be necessary to change the URL encoding.