On Fri, 23 Jan 2004 14:48:43 +1300, Nick FitzGerald <nick@virus-l.demon.co.uk>
said:
> as the "@" is (incorrectly) interpreted by many browsers (most in terms
> of absolute use) as indicating the username part of the "userinfo" part
> of the generic URI scheme.
RFC2396 - Uniform Resource Identifiers (URI): Generic Syntax
3.2.2. Server-based Naming Authority
URL schemes that involve the direct use of an IP-based protocol to a
specified server on the Internet use a common syntax for the server
component of the URI's scheme-specific data:
<userinfo>@<host>:<port>
where <userinfo> may consist of a user name and, optionally, scheme-
specific information about how to gain authorization to access the
server. The parts "<userinfo>@" and ":<port>" may be omitted.
server = [ [ userinfo "@" ] hostport ]
The user information, if present, is followed by a commercial at-sign
"@".
userinfo = *( unreserved | escaped |
";" | ":" | "&" | "=" | "+" | "$" | "," )
Some URL schemes use the format "user:password" in the userinfo
field. This practice is NOT RECOMMENDED, because the passing of
authentication information in clear text (such as URI) has proven to
be a security risk in almost every case where it has been used.
Looks like a correct interpretation to me.
Attachment:
pgp00050.pgp
Description: PGP signature