Parsing URLs for Fun and Profit

Browsers parse URLs differently depending on which operating system they're running on. The problem is that they want to do sensible things for file paths, but file paths look different on Windows and Unix systems. How should we handle cases where browsers disaggree with the regular expression in RFC 3986? Currently, this document aims to describe how browsers behave, but we'll likely need to compare that to RFC 3986 at some point. Some specific differences that have been brought up on the mailing list: http:///example.com/ http://example.com;

A control character is a character whose value is less than or equal to U+0020 (" "). A slash character is either U+???? ("/") or U+???? ("\"). TODO: There's some question as to whether this is necessary for non-file URLs. An authority terminating character is either a slash charcter, U+???? ("?"), U+???? ("#"), or U+???? (";"). TODO: Why is ";" on this list? During a parsing algorithm, the remaining string is the characters of the input that have not yet been consumed.

Given a string of characters, consume all leading and trailing control characters. Find the scheme, as described in Section ??. If the algorithm for finding the scheme determines that the URL is invalid: -> Abort these steps. If the scheme is a single upper or lower case ASCII character (TODO: Just ALPHA?): -> TODO: Windows drive specs! If the scheme is a ASCII case-insensitive match for "file": -> TODO: File URLs! If the scheme is a ASCII case-insensitive match for "mailto": -> TODO: I think mailto URLs are special, but more testing is required. If the scheme is hierarchical: -> In the after-scheme, if any, find the authority, path, query, and fragment, as described in Section ??. -> In the authority, if any, find the user-info, host, and port, as described in Section ??. -> In the user-info, if any, find the user name and password, as described in Section ??. -> Abort these steps. The remaining string is the path. TODO: This might not be the best approach. We need to do more testing of data and javascript URLs.

If the remaining string does not contain a ":" character: -> The URL is invalid. -> Abort these steps. Consume characters up to, but not including, the first ":" character. These characters are the scheme. Consume the ":" character. The remaining characters are the after-scheme.

Consume any number of slash characters. If the remaining string does not contain any authority terminating characters: -> The remaining string is the authority. -> Abort these steps. Consume characters up to, but not including, the first authority terminating character. The consumed characters are authority. If the remaining string does not contain a "?" character or a "#" character: -> The remaining string is the path. -> Abort these steps. Consume characters up to, but not including, the first "?" or "#" charcter. The consumed characters are the path. If the first character of the remaining string is a "?" character: -> Consume the "?" character. -> If the remaining string does not contain a "#" character: -> The remaining string is the query. -> Abort these steps. -> Consume characters up to, but not including, the first "#" charcter. The consumed characters are the query. Consume the "#" character. The remaining string is the fragment.

If the remaining string contains an "@" character: -> Consume characters up to, but not including the *last* "@" character. The consumed characters are the user-info. -> Consume the "@" character. If the remaining string does not contain an ":" character: -> The remaining string is the host. -> Abort these steps. If the first character of the remaining string is a "[" character, the remaining string contains a "]" character, and the last ":" character in the remaining string occurs before the last "]" character in the remaining string: -> The remaining string is the host. -> Abort these steps. Consume characters up to, but not including, the last ":" character. The consumed characters are the host. Consume the ":" character. The remaining string is the port.

If the remaining string does not contain a ":" character: -> The remaining string is the user name. -> Abort these steps. Consume characters up to, but not including, the first ":" character. The consumed characters are the user name. Consume the ":" character. The remaining string is the password.

Given a string relative-url and a ParsedURL base-url, find the scheme of relative-url. TODO: We probably need to trim leading and trailing control characters. If relative-url is an invalid URL: -> The resolved URL is relative-url resolved as relative URL. -> Abort these steps. If relative-url's scheme contains any characters which are not "valid scheme characters" (TODO: Define valid scheme characters): -> The resolved URL is relative-url resolved as relative URL. -> Abort these steps. If base-url's scheme is an ASCII case insensitive match for relative-url's scheme and the shared scheme is hierarchical: -> The resolved URL is relative-url's after-scheme resolved as a relative URL. -> Abort these steps. The resolved URL is relative-url parsed as an absolute URL.

Given a string relative-url and a ParsedURL base-url, determine the resolved URL as follows: TODO: If base-url's scheme is not hierarchical, we can't resolve as a relative URL. We'll probably want to return an invalid URL. Check what happens when resolving an empty string as a relative URL with a non-hierarchical base. If relative-url is empty: -> The resolved URL is identical to base-url, with the fragment, if any, removed. -> Abort these steps. If the first character of relative-url is a slash character: -> If relative-url has at least two characters and the second character is also a slash character: -> The resolved URL is relative-url resolved as a scheme-relative URL. Otherwise: -> The resolved URL is relative-url resolved as an authority-relative URL. -> Abort these steps. If the first character of relative-url is a "?" character: -> The resolved URL is relative-url resolved as a query-relative URL. -> Abort these steps. If the first character of relative-url is a "#" character: -> The resolved URL is relative-url resolved as a fragment-relative URL. -> Abort these steps. TODO: Think about the case where the relative-url is empty. The resolved URL is relative-url resolved as a path-relative URL.

Given a string relative-url and a ParsedURL base-url, let resolved-url be base-url's scheme concatenated with ":", concatenated with relative-url. The resolved URL is resolved-url parsed as an absolute URL.

Given a string relative-url and a ParsedURL base-url, let resolved-url be base-url's scheme concatenated with "://", concatenated with base-url's authority, concatenated with relative-url. The resolved URL is resolved-url parsed as an absolute URL.

TODO: Can the first character of relative-url be a slash character at this point? TODO: Can we assume base-url is canonicalized here so that it always has at least one "/" character? Let the directory-name be the characters of the base-url's path up to and including the last slash character. Let resolved-url be base-url's scheme concatenated with "://", concatenated with base-url's authority, concatenated with directory-name. concatenated with relative-url. The resolved URL is resolved-url parsed as an absolute URL.

Given a string relative-url and a ParsedURL base-url, let resolved-url be base-url's scheme concatenated with "://", concatenated with base-url's authority, concatenated with base-url's path, concatenated with relative-url. The resolved URL is resolved-url parsed as an absolute URL.

Given a string relative-url and a ParsedURL base-url, let resolved-url be base-url's scheme concatenated with "://", concatenated with base-url's authority, concatenated with base-url's path, concatenated with "?", concatenated with base-url's query, concatenated with relative-url. The resolved URL is resolved-url parsed as an absolute URL.

This section describes how to construct a canonical version of a parsed URL string. TODO: We probably should mention somewhere that there is *not* a unique canonicalization for every URL. Given parsed URL original-url, if original-url is invalid: -> Abort these steps. TODO: Handle file URLs. If the scheme is hierarchical: Output the canonicalized scheme (as described in Section ??). Output "://". If the user-info is non-empty: Output the canonicalized user-info (as described in Section ??). Output "@". Output the canonicalized host (as described in Section ??). Let the canonicalized-port be the canonicalized port (as described in Section ??). If the canonicalized-port is non-empty and is not the default port for the scheme: Output ":". Output the canonicalized-port. Output the canonicalized path (as described in Section ??). Let the canonicalized-query be the canonicalized query (as described in Section ??). If the canonicalized-query is non-empty (TODO: Distinguish between empty and non-existent queries): Output "?". Output the canonicalized-query. Let the canonicalized-fragment be the canonicalized fragment (as described in Section ??). If the canonicalized-fragment is non-empty (TODO: Distinguish between empty and non-existent fragments): Output "#". Output the canonicalized-fragment.

If the first character of the scheme is not in ALPHA, the scheme is invalid. Process each character of the scheme in sequence: If the current character is among ALPHA, DIGIT, "+", "-", and ".": -> Output the current character. Otherwise, if the current character is "%": -> The scheme is invalid. -> Output the current character. Otherwise: -> The scheme is invalid. -> Output the utf8-percent-escaping of the current character.

Process each character of the username in sequence: If the current character is among TODO: -> Output the current character. Otherwise: -> Output the utf8-percent-escaping of the current character. If there is no password or if the password is empty: -> Abort these steps. Output ":". Process each character of the password in sequence: If the current character is among TODO: -> Output the current character. Otherwise: -> Output the utf8-percent-escaping of the current character.

TODO: Handle IP addresses. Let unicode-host be the host-escape-normalized host (see Section ??). Output result of applying the IDNA to-ascii algorithm to the unicode-host. TODO: Properly reference IDNA's to-ascii algorith (we might need a wrapper like we do in the cookie spec).

host-escaped = U+0000-U+002A / U+002C / U+002F / U+003B-U+0040 / U+005C / U+005E / U+0060 / U+007B-U+007F Process each character of the host in sequence: If the current character is "%": -> TODO: Handle percent-unescaping. If the current character matches host-escaped: -> Output the utf8-percent-escaping of the current character. Otherwise, if the current character matches ALPHA: -> Output the current character converted to lower case. Otherwise: -> Output the current character.

TODO: Do we need to ensure that path's always start with a slash character? If the path is empty: -> Ouput "/" and abort these steps.

path-escaped = U+0000-U+0020 / U+0022-U+0023 / U+0025 / U+003C / U+003E / U+003F / U+005C / U+005E / U+0060 / U+007B-U+007D / U+007F path-unescaped = "-" / DIGIT / ALPHA / "_" / "~" Process each character of the path in sequence: If the current character matches path-escaped or is greater than or equal to U+0080: -> Output the utf8-percent-escaping of the current character. Otherwise, if the current character is ".": -> TODO: Handle "." collapsing. Otherwise, if the current character is "\": -> Output "/". Otherwise, if the current character is "%": -> TODO: Handle percent-unescaping. Otherwise: -> Output the current character.

TODO: Handle the ambient encoding case. Process each character of the query in sequence: If the current character is among TODO: -> Output the current character. Otherwise: -> Output the utf8-percent-escaping of the current character. TODO: We need to handle the goofy query escaping format.

Process each character of the fragment in sequence: If the current character has a Unicode value greater than or equal to U+0020: -> Output the current character. Otherwise: -> Output the utf8-percent-escaping of the current character. Note: The above algorithm results in the canonicalized fragment containing non-US-ASCII characters.