# Notes on http parser corner cases

## Dealing with %00

%00 is considered illegal in

 - the path part of the URL.  A lot of user code handles it as a NUL terminated string,
   even though the header get apis are based around length.  So it is disallowed to
   avoid ambiguity.

 - the name part of a urlarg, like ?name=value

%00 is valid in

 - the value part of a urlarg, like ?name=value

When the parser sees %00 where it is not allowed, it simply drops the connection.

## Note on proper urlarg handling

urlargs are allowed to contain non-NUL terminated binary.  So it is important to
use the length-based urlarg apis

 - `lws_hdr_copy_fragment()`
 - `lws_get_urlarg_by_name_safe()`

The non-length based urlarg api

 - `lws_get_urlarg_by_name()`

...is soft-deprecated, it's still allowed but it will be fooled by the first %00
seen in the argument into truncating the argument.  Use `lws_get_urlarg_by_name_safe()`
instead.