1URI::Escape(3) User Contributed Perl Documentation URI::Escape(3)
2
3
4
6 URI::Escape - Escape and unescape unsafe characters
7
9 use URI::Escape;
10 $safe = uri_escape("10% is enough\n");
11 $verysafe = uri_escape("foo", "\0-\377");
12 $str = uri_unescape($safe);
13
15 This module provides functions to escape and unescape URI strings as
16 defined by RFC 2396 (and updated by RFC 2732). A URI consists of a
17 restricted set of characters, denoted as "uric" in RFC 2396. The
18 restricted set of characters consists of digits, letters, and a few
19 graphic symbols chosen from those common to most of the character
20 encodings and input facilities available to Internet users:
21
22 "A" .. "Z", "a" .. "z", "0" .. "9",
23 ";", "/", "?", ":", "@", "&", "=", "+", "$", ",", "[", "]", # reserved
24 "-", "_", ".", "!", "~", "*", "'", "(", ")"
25
26 In addition, any byte (octet) can be represented in a URI by an escape
27 sequence: a triplet consisting of the character "%" followed by two
28 hexadecimal digits. A byte can also be represented directly by a
29 character, using the US-ASCII character for that octet (iff the
30 character is part of "uric").
31
32 Some of the "uric" characters are reserved for use as delimiters or as
33 part of certain URI components. These must be escaped if they are to
34 be treated as ordinary data. Read RFC 2396 for further details.
35
36 The functions provided (and exported by default) from this module are:
37
38 uri_escape( $string )
39 uri_escape( $string, $unsafe )
40 Replaces each unsafe character in the $string with the
41 corresponding escape sequence and returns the result. The $string
42 argument should be a string of bytes. The uri_escape() function
43 will croak if given a characters with code above 255. Use
44 uri_escape_utf8() if you know you have such chars or/and want chars
45 in the 128 .. 255 range treated as UTF-8.
46
47 The uri_escape() function takes an optional second argument that
48 overrides the set of characters that are to be escaped. The set is
49 specified as a string that can be used in a regular expression
50 character class (between [ ]). E.g.:
51
52 "\x00-\x1f\x7f-\xff" # all control and hi-bit characters
53 "a-z" # all lower case characters
54 "^A-Za-z" # everything not a letter
55
56 The default set of characters to be escaped is all those which are
57 not part of the "uric" character class shown above as well as the
58 reserved characters. I.e. the default is:
59
60 "^A-Za-z0-9\-_.!~*'()"
61
62 uri_escape_utf8( $string )
63 uri_escape_utf8( $string, $unsafe )
64 Works like uri_escape(), but will encode chars as UTF-8 before
65 escaping them. This makes this function able do deal with
66 characters with code above 255 in $string. Note that chars in the
67 128 .. 255 range will be escaped differently by this function
68 compared to what uri_escape() would. For chars in the 0 .. 127
69 range there is no difference.
70
71 The call:
72
73 $uri = uri_escape_utf8($string);
74
75 will be the same as:
76
77 use Encode qw(encode);
78 $uri = uri_escape(encode("UTF-8", $string));
79
80 but will even work for perl-5.6 for chars in the 128 .. 255 range.
81
82 Note: Javascript has a function called escape() that produces the
83 sequence "%uXXXX" for chars in the 256 .. 65535 range. This
84 function has really nothing to do with URI escaping but some folks
85 got confused since it "does the right thing" in the 0 .. 255 range.
86 Because of this you sometimes see "URIs" with these kind of
87 escapes. The JavaScript encodeURIComponent() function is similar
88 to uri_escape_utf8().
89
90 uri_unescape($string,...)
91 Returns a string with each %XX sequence replaced with the actual
92 byte (octet).
93
94 This does the same as:
95
96 $string =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
97
98 but does not modify the string in-place as this RE would. Using
99 the uri_unescape() function instead of the RE might make the code
100 look cleaner and is a few characters less to type.
101
102 In a simple benchmark test I did, calling the function (instead of
103 the inline RE above) if a few chars were unescaped was something
104 like 40% slower, and something like 700% slower if none were. If
105 you are going to unescape a lot of times it might be a good idea to
106 inline the RE.
107
108 If the uri_unescape() function is passed multiple strings, then
109 each one is returned unescaped.
110
111 The module can also export the %escapes hash, which contains the
112 mapping from all 256 bytes to the corresponding escape codes. Lookup
113 in this hash is faster than evaluating "sprintf("%%%02X", ord($byte))"
114 each time.
115
117 URI
118
120 Copyright 1995-2004 Gisle Aas.
121
122 This program is free software; you can redistribute it and/or modify it
123 under the same terms as Perl itself.
124
125
126
127perl v5.10.1 2009-05-28 URI::Escape(3)