1# Notes on http parser corner cases 2 3## Dealing with %00 4 5%00 is considered illegal in 6 7 - the path part of the URL. A lot of user code handles it as a NUL terminated string, 8 even though the header get apis are based around length. So it is disallowed to 9 avoid ambiguity. 10 11 - the name part of a urlarg, like ?name=value 12 13%00 is valid in 14 15 - the value part of a urlarg, like ?name=value 16 17When the parser sees %00 where it is not allowed, it simply drops the connection. 18 19## Note on proper urlarg handling 20 21urlargs are allowed to contain non-NUL terminated binary. So it is important to 22use the length-based urlarg apis 23 24 - `lws_hdr_copy_fragment()` 25 - `lws_get_urlarg_by_name_safe()` 26 27The non-length based urlarg api 28 29 - `lws_get_urlarg_by_name()` 30 31...is soft-deprecated, it's still allowed but it will be fooled by the first %00 32seen in the argument into truncating the argument. Use `lws_get_urlarg_by_name_safe()` 33instead. 34