Peter said:
All Ajax libraries I've read use encodeURIComponent() on the name-
value pairs extracted from forms before POST ing the result to the
server with and xmlhttprequest. I can understand why this encoding is
required in the case of a GET request and the form data is attached as
a URI query string; however, why is the encoding necessary for POST
requests?
Because POST uses the same characters to split ('&' and '=') by
default. The method doesn't matter; the data is just offered in
another part of the request.
GET looks like this (header):
GET /file.html?name=Bart&nr=4 HTTP/1.0
while default POST looks like this (body):
POST /file.html HTTP/1.0
Content-length: 15
name=Bart&nr=4
It's like in email conventions, where stuff can be stored in header or
in body.
You can see this mechanism very well in Perl's CGI processing, where
GET reads the input from the URL (a line in the header of the
request), while POST takes it from <STDIN> (body of request). The
further processing is identical; and the URL decoding is an important
step here.
I've seen the term "un-webify" for this kind of processing rather than
"URL-decoding"; the latter indeed sounds like it refers to GET only.
But the encoding of POST-ed data is only the default behaviour of the
browser (which is done in Ajax "by hand" in such libraries).
<form method="post">
actually means:
<form method="post"
enctype="application/x-www-form-urlencoded">
But it's possible to disable this URL-encoding for POST-ed data,
mostly to transfer (binary) files to the gateway software. In the
following example, you tell the form not to encode anything:
<form method="post" enctype="multipart/form-data">
This is the only case where 'é' will be passed as 'é'; under default
GET/POST rules it will always be passed as '%E9'.
Again, this is identical to email; all mail attachments are sent using
multipart (but, unlike HTTP, they are additionally base64-encoded).
So as a general conclusion: Ajax libraries must invoke
encodeURIComponent() when sending POST-requests in the "application/x-
www-form-urlencoded" encoding type. They must always invoke
encodeURIComponent() for GET. They must not invoke
encodeURIComponent() in the POST "multipart/form-data" type.
Obviously, it also depends on how the gateway software is configured
how to handle incoming data (this will be URL decoded by default).
Hope this helps,