[Mongrel] HTTP parse error due to an extra percent sign

Kirk Haines wyhaines at gmail.com
Wed Jan 7 16:33:39 EST 2009

On 1/7/09, Jonathan Rochkind <rochkind at jhu.edu> wrote:
> Yes. I have run into this before. Mongrel will error on an invalid HTTP URI,
> with one common case being characters not properly escaped, which is what
> your example is.  When one of the developers of my app brought this up
> before, he was told by the Mongrel developer that this was intentional, and
> would not be changed.

Mongrel's HTTP parser grammar was written by Zed to be very RFC conformant.

>  I didn't like this then, and I don't like it now, for a variety of reasons,
> including that my app needs to respond to URLs sent by third parties that
> are not under my control.   Perhaps the current mongrel developers (IS there
> even any active development on mongrel?) have a different opinion, and this
> could be changed, or made configurable.

The mongrel HTTP parser is very stable, and is in use by multiple
projects.  I can't speak for the other mongrel devs, but if it were up
to me alone, I'd keep mongrel's HTTP parser RFC compliant.

Since you have a special case, I would suggest that you just take a
look at the grammar for the parser and consider compiling your own
parser.  You could probably just remove '%' from the unsafe type, and
see if that will work for you:  It looks like this:

 unsafe = (CTL | " " | "\"" | "#" | "%" | "<" | ">");

Kirk Haines

More information about the Mongrel-users mailing list