.\" -*- mode: troff; coding: utf-8 -*- .\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ . ds C` "" . ds C' "" 'br\} .el\{\ . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" ======================================================================== .\" .IX Title "URI::Escape 3" .TH URI::Escape 3 2024-09-13 "perl v5.40.0" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH NAME URI::Escape \- Percent\-encode and percent\-decode unsafe characters .SH SYNOPSIS .IX Header "SYNOPSIS" .Vb 4 \& use URI::Escape; \& $safe = uri_escape("10% is enough\en"); \& $verysafe = uri_escape("foo", "\e0\-\e377"); \& $str = uri_unescape($safe); .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" This module provides functions to percent-encode and percent-decode URI strings as defined by RFC 3986. Percent-encoding URI's is informally called "URI escaping". This is the terminology used by this module, which predates the formalization of the terms by the RFC by several years. .PP A URI consists of a restricted set of characters. The restricted set of characters consists of digits, letters, and a few graphic symbols chosen from those common to most of the character encodings and input facilities available to Internet users. They are made up of the "unreserved" and "reserved" character sets as defined in RFC 3986. .PP .Vb 4 \& unreserved = ALPHA / DIGIT / "\-" / "." / "_" / "~" \& reserved = ":" / "/" / "?" / "#" / "[" / "]" / "@" \& "!" / "$" / "&" / "\*(Aq" / "(" / ")" \& / "*" / "+" / "," / ";" / "=" .Ve .PP In addition, any byte (octet) can be represented in a URI by an escape sequence: a triplet consisting of the character "%" followed by two hexadecimal digits. A byte can also be represented directly by a character, using the US-ASCII character for that octet. .PP Some of the characters are \fIreserved\fR for use as delimiters or as part of certain URI components. These must be escaped if they are to be treated as ordinary data. Read RFC 3986 for further details. .PP The functions provided (and exported by default) from this module are: .ie n .IP "uri_escape( $string )" 4 .el .IP "uri_escape( \f(CW$string\fR )" 4 .IX Item "uri_escape( $string )" .PD 0 .ie n .IP "uri_escape( $string, $unsafe )" 4 .el .IP "uri_escape( \f(CW$string\fR, \f(CW$unsafe\fR )" 4 .IX Item "uri_escape( $string, $unsafe )" .PD Replaces each unsafe character in the \f(CW$string\fR with the corresponding escape sequence and returns the result. The \f(CW$string\fR argument should be a string of bytes. The \fBuri_escape()\fR function will croak if given a characters with code above 255. Use \fBuri_escape_utf8()\fR if you know you have such chars or/and want chars in the 128 .. 255 range treated as UTF\-8. .Sp The \fBuri_escape()\fR function takes an optional second argument that overrides the set of characters that are to be escaped. The set is specified as a string that can be used in a regular expression character class (between [ ]). E.g.: .Sp .Vb 3 \& "\ex00\-\ex1f\ex7f\-\exff" # all control and hi\-bit characters \& "a\-z" # all lower case characters \& "^A\-Za\-z" # everything not a letter .Ve .Sp The default set of characters to be escaped is all those which are \&\fInot\fR part of the \f(CW\*(C`unreserved\*(C'\fR character class shown above as well as the reserved characters. I.e. the default is: .Sp .Vb 1 \& "^A\-Za\-z0\-9\e\-\e._~" .Ve .Sp The second argument can also be specified as a regular expression object: .Sp .Vb 1 \& qr/[^A\-Za\-z]/ .Ve .Sp Any strings matched by this regular expression will have all of their characters escaped. .ie n .IP "uri_escape_utf8( $string )" 4 .el .IP "uri_escape_utf8( \f(CW$string\fR )" 4 .IX Item "uri_escape_utf8( $string )" .PD 0 .ie n .IP "uri_escape_utf8( $string, $unsafe )" 4 .el .IP "uri_escape_utf8( \f(CW$string\fR, \f(CW$unsafe\fR )" 4 .IX Item "uri_escape_utf8( $string, $unsafe )" .PD Works like \fBuri_escape()\fR, but will encode chars as UTF\-8 before escaping them. This makes this function able to deal with characters with code above 255 in \f(CW$string\fR. Note that chars in the 128 .. 255 range will be escaped differently by this function compared to what \&\fBuri_escape()\fR would. For chars in the 0 .. 127 range there is no difference. .Sp Equivalent to: .Sp .Vb 2 \& utf8::encode($string); \& my $uri = uri_escape($string); .Ve .Sp Note: JavaScript has a function called \fBescape()\fR that produces the sequence "%uXXXX" for chars in the 256 .. 65535 range. This function has really nothing to do with URI escaping but some folks got confused since it "does the right thing" in the 0 .. 255 range. Because of this you sometimes see "URIs" with these kind of escapes. The JavaScript \fBencodeURIComponent()\fR function is similar to \fBuri_escape_utf8()\fR. .IP uri_unescape($string,...) 4 .IX Item "uri_unescape($string,...)" Returns a string with each \f(CW%XX\fR sequence replaced with the actual byte (octet). .Sp This does the same as: .Sp .Vb 1 \& $string =~ s/%([0\-9A\-Fa\-f]{2})/chr(hex($1))/eg; .Ve .Sp but does not modify the string in-place as this RE would. Using the \&\fBuri_unescape()\fR function instead of the RE might make the code look cleaner and is a few characters less to type. .Sp In a simple benchmark test I did, calling the function (instead of the inline RE above) if a few chars were unescaped was something like 40% slower, and something like 700% slower if none were. If you are going to unescape a lot of times it might be a good idea to inline the RE. .Sp If the \fBuri_unescape()\fR function is passed multiple strings, then each one is returned unescaped. .PP The module can also export the \f(CW%escapes\fR hash, which contains the mapping from all 256 bytes to the corresponding escape codes. Lookup in this hash is faster than evaluating \f(CW\*(C`sprintf("%%%02X", ord($byte))\*(C'\fR each time. .SH "SEE ALSO" .IX Header "SEE ALSO" URI .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 1995\-2004 Gisle Aas. .PP This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.