Uniform Resource Identifier (URI): Generic SyntaxWorld Wide Web ConsortiumMIT/LCS, Room NE43-356200 Technology SquareCambridgeMA02139USA+1-617-253-5702+1-617-258-5999timbl@w3.orghttp://www.w3.org/People/Berners-Lee/Day Software2 Corporate Plaza, Suite 150Newport BeachCA92660USA+1-949-644-2557+1-949-644-5064roy.fielding@day.comhttp://www.apache.org/~fielding/Adobe Systems Incorporated345 Park AveSan JoseCA95110USA+1-408-536-3024LMM@acm.orghttp://larry.masinter.net/
Applications
uniform resource identifierURIURLURNWWWresource
A Uniform Resource Identifier (URI) is a compact string of characters
for identifying an abstract or physical resource. This document
defines the generic syntax of a URI, including both absolute and
relative forms, and guidelines for their use.
This document defines a grammar that is a superset of all valid URI,
such that an implementation can parse the common components of a URI
reference without knowing the scheme-specific requirements of every
possible identifier type. This document does not define a generative
grammar for all URIs; that task will be performed by the individual
specifications of each URI scheme.
Discussion of this draft and comments to the editors should be sent
to the uri@w3.org mailing list. An issues list and version history
is available at <http://www.apache.org/~fielding/uri/rev-2002/>.
A Uniform Resource Identifier (URI) provides a simple and extensible
means for identifying a resource. This specification of URI syntax
and semantics is derived from concepts introduced by the World Wide
Web global information initiative, whose use of such objects dates
from 1990 and is described in "Universal Resource Identifiers in WWW"
, and is designed to meet the
recommendations laid out in "Functional Recommendations for Internet
Resource Locators" and "Functional Requirements
for Uniform Resource Names" .
This document obsoletes , which merged
"Uniform Resource Locators" and
"Relative Uniform Resource Locators" in order
to define a single, generic syntax for all URIs. It excludes those
portions of RFC 1738 that defined the specific syntax of individual
URI schemes; those portions will be updated as separate documents.
The process for registration of new URI schemes is defined separately
by .
All significant changes from RFC 2396 are noted in Appendix G.
URIs are characterized by the following definitions:
Uniform
Uniformity provides several benefits: it allows different types
of resource identifiers to be used in the same context, even
when the mechanisms used to access those resources may differ;
it allows uniform semantic interpretation of common syntactic
conventions across different types of resource identifiers; it
allows introduction of new types of resource identifiers
without interfering with the way that existing identifiers are
used; and, it allows the identifiers to be reused in many
different contexts, thus permitting new applications or
protocols to leverage a pre-existing, large, and widely-used
set of resource identifiers.
Resource
A resource can be anything that has identity. Familiar
examples include an electronic document, an image, a service
(e.g., "today's weather report for Los Angeles"), and a
collection of other resources. Not all resources are network
"retrievable"; e.g., human beings, corporations, and bound
books in a library can also be considered resources.
The resource is the conceptual mapping to an entity or set of
entities, not necessarily the entity which corresponds to that
mapping at any particular instance in time. Thus, a resource
can remain constant even when its content---the entities to
which it currently corresponds---changes over time, provided
that the conceptual mapping is not changed in the process.
Identifier
An identifier is an object that can act as a reference to
something that has identity. In the case of a URI, the object is
a sequence of characters with a restricted syntax.
Having identified a resource, a system may perform a variety of
operations on the resource, as might be characterized by such words
as `access', `update', `replace', or `find attributes'.
A URI can be further classified as a locator, a name, or both. The
term "Uniform Resource Locator" (URL) refers to the subset of URIs
that, in addition to identifying the resource, provide a means of
locating the resource by describing its primary access mechanism
(e.g., its network "location"). The term "Uniform Resource Name" (URN)
refers to the subset of URIs that are required to remain globally unique and
persistent even when the resource ceases to exist or becomes unavailable.
An individual scheme does not need to be cast into one of a discrete
set of URI types such as "URL", "URN", "URC", etc. Any given URI
scheme may define subspaces that have the characteristics of a name,
a locator, or both, often depending on the persistence and care in
the assignment of identifiers by the naming authority, rather than on
any quality of the URI scheme. For that reason, this specification
deprecates use of the terms URL or URN to distinguish between
schemes, instead using the term URI throughout.
Each URI scheme (Section 3.1) defines the namespace of the URI, and
thus may further restrict the syntax and semantics of identifiers
using that scheme. This specification defines those elements of the
URI syntax that are either required of all URI schemes or are common
to many URI schemes. It thus defines the syntax and semantics that
are needed to implement a scheme-independent parsing mechanism for
URI references, such that the scheme-dependent handling of a URI can
be postponed until the scheme-dependent semantics are needed.
Although many URI schemes are named after protocols, this does not
imply that use of such a URI will result in access to the resource
via the named protocol. URIs are often used in contexts that are
purely for identification, just like any other identifier. Even when
a URI is used to obtain a representation of a resource, that access
might be through gateways, proxies, caches, and name resolution
services that are independent of the protocol of the resource origin,
and the resolution of some URIs may require the use of more than one
protocol (e.g., both DNS and HTTP are typically used to access an
"http" URI's resource when it can't be found in a local cache).
A parser of the generic URI syntax is capable of parsing any URI
reference into its major components; once the scheme is determined,
further scheme-specific parsing can be performed on the components.
In other words, the URI generic syntax is a superset of the syntax
of all URI schemes.
An absolute identifier refers to a resource independent of the
context in which the identifier is used. In contrast, a relative
identifier refers to a resource by describing the difference within a
hierarchical namespace between the current context and an absolute
identifier of the resource.
Some URI schemes support a hierarchical naming system, where the
hierarchy of the name is denoted by a "/" delimiter separating the
components in the scheme. This document defines a scheme-independent
`relative' form of URI reference that can be used in conjunction with
a `base' URI of a hierarchical scheme to produce the `absolute' URI
form of the reference. The syntax of a hierarchical URI is described
in Section 3; the relative URI calculation is described in Section 5.
The URI syntax was designed with global transcribability as one of
its main concerns. A URI is a sequence of characters from a very
limited set, i.e. the letters of the basic Latin alphabet, digits,
and a few special characters. A URI may be represented in a variety
of ways: e.g., ink on paper, pixels on a screen, or a sequence of
octets in a coded character set. The interpretation of a URI depends
only on the characters used and not how those characters are
represented in a network protocol.
The goal of transcribability can be described by a simple scenario.
Imagine two colleagues, Sam and Kim, sitting in a pub at an
international conference and exchanging research ideas. Sam asks Kim
for a location to get more information, so Kim writes the URI for the
research site on a napkin. Upon returning home, Sam takes out the
napkin and types the URI into a computer, which then retrieves the
information to which Kim referred.
There are several design concerns revealed by the scenario:
A URI is a sequence of characters, which is not always
represented as a sequence of octets.
A URI may be transcribed from a non-network source, and thus
should consist of characters that are most likely to be able to
be typed into a computer, within the constraints imposed by
keyboards (and related input devices) across languages and
locales.
A URI often needs to be remembered by people, and it is easier
for people to remember a URI when it consists of meaningful
components.
These design concerns are not always in alignment. For example, it
is often the case that the most meaningful name for a URI component
would require characters that cannot be typed into some systems. The
ability to transcribe the resource identifier from one medium to
another was considered more important than having its URI consist of
the most meaningful of components. In local and regional contexts
and with improving technology, users might benefit from being able to
use a wider range of characters; such use is not defined in this
document.
This document uses two conventions to describe and define the syntax
for URI. The first, called the layout form, is a general description
of the order of components and component separators, as in
The component names are enclosed in angle-brackets and any characters
outside angle-brackets are literal separators. Whitespace should be
ignored. These descriptions are used informally and do not define
the syntax requirements.
The second convention is a formal grammar defined using the
Augmented Backus-Naur Form (ABNF) notation of .
Although the ABNF defines syntax in terms of the ASCII character
encoding , the URI syntax should be interpreted
in terms of the character that the ASCII-encoded octet represents,
rather than the octet encoding itself. How a URI is represented
in terms of bits and bytes on the wire is dependent upon
the character encoding of the protocol used to transport it, or the
charset of the document that contains it.
The complete URI syntax is collected in Appendix A.
Within a URI, characters are either used as delimiters or to
represent strings of data (octets) within the delimited portions.
Octets are either represented directly by a character (using the US-ASCII
character for that octet ) or by an escape encoding.
This representation is elaborated below.
The relationship between URIs and characters has been a source of
confusion for characters that are not part of US-ASCII. To describe
the relationship, it is useful to distinguish between a "character"
(as a distinguishable semantic entity) and an "octet" (an 8-bit
byte). There are two mappings, one from URI characters to octets, and
a second from octets to original characters:
A URI is represented as a sequence of characters, not as a sequence
of octets. That is because a URI might be "transported" by means that
are not through a computer network, e.g., printed on paper, read over
the radio, etc.
A URI scheme may define a mapping from URI characters to octets;
whether this is done depends on the scheme. Commonly, within a
delimited component of a URI, a sequence of characters may be used to
represent a sequence of octets. For example, the character "a"
represents the octet 97 (decimal), while the character sequence "%",
"0", "a" represents the octet 10 (decimal).
There is a second translation for some resources: the sequence of
octets defined by a component of the URI is subsequently used to
represent a sequence of characters. A 'charset' defines this mapping.
There are many charsets in use in Internet protocols. For example,
UTF-8 defines a mapping from sequences of octets to sequences
of characters in the repertoire of ISO 10646.
In the simplest case, the original character sequence contains only
characters that are defined in US-ASCII, and the two levels of
mapping are simple and easily invertible: each 'original character'
is represented as the octet for the US-ASCII code for it, which is,
in turn, represented as either the US-ASCII character, or else the
"%" escape sequence for that octet.
For original character sequences that contain non-ASCII characters,
however, the situation is more difficult. Internet protocols that
transmit octet sequences intended to represent character sequences
are expected to provide some way of identifying the charset used, if
there might be more than one . However, there is currently
no provision within the generic URI syntax to accomplish this
identification. An individual URI scheme may require a single
charset, define a default charset, or provide a way to indicate the
charset used.
It is expected that a systematic treatment of character encoding
within URIs will be developed as a future modification of this
specification.
The "reserved" syntax class above refers to those characters that are
allowed within a URI, but which may not be allowed within a
particular component of the generic URI syntax; they are used as
delimiters of the components described in Section 3.
Characters in the "reserved" set are not reserved in all contexts.
The set of characters actually reserved within any given URI
component is defined by that component. In general, a character is
reserved if the semantics of the URI changes if the character is
replaced with its escaped US-ASCII encoding.
Unreserved characters can be escaped without changing the semantics
of the URI, but this should not be done unless the URI is being used
in a context that does not allow the unescaped character to appear.
Data must be escaped if it does not have a representation using an
unreserved character; this includes data that does not correspond to
a printable character of the US-ASCII coded character set, or that
corresponds to any US-ASCII character that is disallowed, as
explained below.
A URI is always in an "escaped" form, since escaping or unescaping a
completed URI might change its semantics. Normally, the only time
escape encodings can safely be made is when the URI is being created
from its component parts; each component may have its own set of
characters that are reserved, so only the mechanism responsible for
generating or interpreting that component can determine whether or
not escaping a character will change its semantics. Likewise, a URI
must be separated into its components before the escaped characters
within those components can be safely decoded.
In some cases, data that could be represented by an unreserved
character may appear escaped; for example, some of the unreserved
"mark" characters are automatically escaped by some systems. If the
given URI scheme defines a canonicalization algorithm, then
unreserved characters may be unescaped according to that algorithm.
For example, "%7e" is sometimes used instead of "~" in an http URI
path, but the two are equivalent for an http URI.
Because the percent "%" character always has the reserved purpose of
being the escape indicator, it must be escaped as "%25" in order to
be used as data within a URI. Implementers should be careful not to
escape or unescape the same string more than once, since unescaping
an already unescaped string might lead to misinterpreting a percent
data character as another escaped character, or vice versa in the
case of escaping an already escaped string.
Although they are disallowed within the URI syntax, we include here a
description of those US-ASCII characters that have been excluded and
the reasons for their exclusion.
The control characters (CTL) in the US-ASCII coded character set are not
used within a URI, both because they are non-printable and because
they are likely to be misinterpreted by some control mechanisms.
The space character (SP) is excluded because significant spaces may
disappear and insignificant spaces may be introduced when a URI is
transcribed or typeset or subjected to the treatment of word-processing
programs. Whitespace is also used to delimit a URI in many
contexts.
Data corresponding to excluded characters must be escaped in order to
be properly represented within a URI.
The URI syntax is dependent upon the scheme. In general, absolute
URI are written as follows:
An absolute URI contains the name of the scheme being used (<scheme>)
followed by a colon (":") and then a string (the <scheme-specific-part>)
whose interpretation depends on the scheme.
The URI syntax does not require that the scheme-specific-part have
any general structure or set of semantics which is common among all
URIs. However, a subset of URI do share a common syntax for
representing hierarchical relationships within the namespace. This
"generic URI" syntax consists of a sequence of four main components:
each of which, except <scheme>, may be absent from a particular URI.
For example, some URI schemes do not allow an <authority> component,
and others do not use a <query> component.
We use the term <path> to refer to both the <abs-path> and
<opaque-part> constructs, since they are mutually exclusive for any
given URI and can be parsed as a single component.
Just as there are many different methods of access to resources,
there are a variety of schemes for identifying such resources. The
URI syntax consists of a sequence of components separated by reserved
characters, with the first component defining the semantics for the
remainder of the URI string.
Relative URI references are distinguished from absolute URI in that
they do not begin with a scheme name. Instead, the scheme is
inherited from the base URI, as described in Section 5.2.
The authority component is preceded by a double slash "//" and is
terminated by the next slash "/", question-mark "?", or by the end of
the URI. Within the authority component, the characters ";", ":",
"@", "?", "/", "[", and "]" are reserved.
An authority component is not required for a URI scheme to make use
of relative references. A base URI without an authority component
implies that any relative reference will also be without an authority
component.
URI schemes that involve the direct use of an IP-based protocol to a
specified server on the Internet use a common syntax for the server
component of the URI's scheme-specific data:
where <userinfo> may consist of a user name and, optionally,
scheme-specific information about how to gain authorization to access the
server. The parts "<userinfo>@" and ":<port>" may be omitted.
If <host> is omitted, the default host is defined by the
scheme-specific semantics of the URI (e.g., the "file" URI
scheme defaults to "localhost", whereas the "http" URI scheme
does not allow host to be omitted).
Some URI schemes use the format "user:password" in the userinfo
field. This practice is NOT RECOMMENDED, because the passing of
authentication information in clear text has proven to
be a security risk in almost every case where it has been used.
The path may consist of a sequence of path segments separated by a
single slash "/" character. Within a path segment, the characters
"/", ";", "=", and "?" are reserved. The semicolon (";") and
equals ("=") characters have the reserved purpose of delimiting
parameters and parameter values within a path segment. However,
parameters are not significant to the parsing of relative references.
Within a query component, the characters ";", "/", "?", ":", "@",
"&", "=", "+", ",", and "$" are reserved.
The syntax for a relative URI is a shortened form of that for an absolute
URI, where some prefix of the URI is missing and certain path
components ("." and "..") have a special meaning when, and only when,
interpreting a relative path. The relative URI syntax is defined in
Section 5.
The semantics of a fragment identifier is a property of the data
resulting from a retrieval action, regardless of the type of URI used
in the reference. Therefore, the format and interpretation of
fragment identifiers is dependent on the media type
of the
retrieval result. The character restrictions described in Section 2
for a URI also apply to the fragment in a URI-reference. Individual
media types may define additional restrictions or structure within
the fragment for specifying different types of "partial views" that
can be identified within that media type.
A fragment identifier is only meaningful when a URI reference is
intended for retrieval and the result of that retrieval is a document
for which the identified fragment is consistently defined.
A URI reference that does not contain a URI is a reference to the
current document. In other words, an empty URI reference within a
document is interpreted as a reference to the start of that document,
and a reference containing only a fragment identifier is a reference
to the identified fragment of that document. Traversal of such a
reference should not result in an additional retrieval action.
However, if the URI reference occurs in a context that is always
intended to result in a new request, as in the case of HTML's FORM
element, then an empty URI reference represents the base URI of the
current document and should be replaced by that URI when transformed
into a request.
A URI reference is typically parsed according to the four main
components and fragment identifier in order to determine what
components are present and whether the reference is relative or
absolute. The individual components are then parsed for their
subparts and, if not opaque, to verify their validity.
Although the BNF defines what is allowed in each component, it is
ambiguous in terms of differentiating between an authority component
and a path component that begins with two slash characters. The
greedy algorithm is used for disambiguation: the left-most matching
rule soaks up as much of the URI reference string as it is capable of
matching. In other words, the authority component wins.
Readers familiar with regular expressions should see Appendix B for a
concrete parsing example and test oracle.
It is often the case that a group or "tree" of documents has been
constructed to serve a common purpose; the vast majority of URIs in
these documents point to resources within the tree rather than
outside of it. Similarly, documents located at a particular site are
much more likely to refer to other resources at that site than to
resources at remote sites.
Relative addressing of URIs allows document trees to be partially
independent of their location and access scheme. For instance, it is
possible for a single set of hypertext documents to be simultaneously
accessible and traversable via each of the "file", "http", and "ftp"
schemes if the documents refer to each other using relative URIs.
Furthermore, such document trees can be moved, as a whole, without
changing any of the relative references. Experience within the WWW
has demonstrated that the ability to perform relative referencing is
necessary for the long-term usability of embedded URIs.
A relative reference beginning with two slash characters is termed a
network-path reference, as defined by <net-path> in Section 3. Such
references are rarely used.
A relative reference beginning with a single slash character is
termed an absolute-path reference, as defined by <abs-path> in
Section 3.
Within a relative-path reference, the complete path segments "." and
".." have special meanings: "the current hierarchy level" and "the
level above this hierarchy level", respectively. Although this is
very similar to their use within Unix-based filesystems to indicate
directory levels, these path components are only considered special
when resolving a relative-path reference to its absolute form
(Section 5.2).
Authors should be aware that a path segment which contains a colon
character cannot be used as the first segment of a relative URI path
(e.g., "this:that"), because it would be mistaken for a scheme name.
It is therefore necessary to precede such segments with other
segments (e.g., "./this:that") in order for them to be referenced as
a relative path.
It is not necessary for all URI within a given scheme to be
restricted to the <hier-part> syntax, since the hierarchical
properties of that syntax are only necessary when a relative URI is
used within a particular document. Documents can only make use of
a relative URI when their base URI fits within the <hier-part> syntax.
It is assumed that any document which contains a relative reference
will also have a base URI that obeys the syntax. In other words, a
relative URI cannot be used within a document that has an unsuitable
base URI.
Some URI schemes do not allow a hierarchical syntax matching the
<hier-part> syntax, and thus cannot use relative references.
The term "relative URI" implies that there exists some absolute "base
URI" against which the relative reference is applied. Indeed, the
base URI is necessary to define the semantics of any relative URI
reference; without it, a relative reference is meaningless. In order
for relative URI to be usable within a document, the base URI of that
document must be known to the parser.
The base URI of a document can be established in one of four ways,
listed below in order of precedence. The order of precedence can be
thought of in terms of layers, where the innermost defined base URI
has the highest precedence. This can be visualized graphically as:
Within certain document media types, the base URI of the document can
be embedded within the content itself such that it can be readily
obtained by a parser. This can be useful for descriptive documents,
such as tables of content, which may be transmitted to others through
protocols other than their usual retrieval context (e.g., E-Mail or
USENET news).
It is beyond the scope of this document to specify how, for each
media type, the base URI can be embedded. It is assumed that user
agents manipulating such media types will be able to obtain the
appropriate syntax from that media type's specification. An example
of how the base URI can be embedded in the Hypertext Markup Language
(HTML) is provided in Appendix D.
A mechanism for embedding the base URI within MIME container types
(e.g., the message and multipart types) is defined by MHTML
. Protocols that do not use the MIME message header syntax,
but which do allow some form of tagged metainformation to be included
within messages, may define their own syntax for defining the base
URI as part of a message.
If no base URI is embedded, the base URI of a document is defined by
the document's retrieval context. For a document that is enclosed
within another entity (such as a message or another document), the
retrieval context is that entity; thus, the default base URI of the
document is the base URI of the entity in which the document is
encapsulated.
If no base URI is embedded and the document is not encapsulated
within some other entity (e.g., the top level of a composite entity),
then, if a URI was used to retrieve the base document, that URI shall
be considered the base URI. Note that if the retrieval was the
result of a redirected request, the last URI used (i.e., that which
resulted in the actual retrieval of the document) is the base URI.
If none of the conditions described in Sections 5.1.1--5.1.3 apply,
then the base URI is defined by the context of the application.
Since this definition is necessarily application-dependent, failing
to define the base URI using one of the other methods may result in
the same content being interpreted differently by different types of
application.
It is the responsibility of the distributor(s) of a document
containing a relative URI to ensure that the base URI for that document
can be established. It must be emphasized that a relative URI cannot
be used reliably in situations where the document's base URI is not
well-defined.
This section describes an example algorithm for resolving URI
references that might be relative to a given base URI. The algorithm
is intended to provide a definitive result that can be used to test
the output of other implementations. Implementation of the algorithm
itself is not required, but the result given by an implementation must
match the result that would be given by this algorithm.
The base URI is established according to the rules of Section 5.1 and
parsed into the four main components as described in Section 3. Note
that only the scheme component is required to be present in the base
URI; the other components may be empty or undefined. A component is
undefined if its preceding separator does not appear in the URI
reference; the path component is never undefined, though it may be
empty. The base URI's query component is not used by the resolution
algorithm and may be discarded.
The pseudocode above refers to a merge routine for merging a
relative-path reference with the path of the base URI to obtain the
target path. Although there are many ways to do this, we will describe
a simple method using a separate string buffer:
All but the last segment of the base URI's path component is
copied to the buffer. In other words, any characters after the
last (right-most) slash character, if any, are excluded.
If the base URI's path component is the empty string, then
a single slash character ("/") is copied to the buffer.
The reference's path component is appended to the buffer
string.
All occurrences of "./", where "." is a complete path segment,
are removed from the buffer string.
If the buffer string ends with "." as a complete path segment,
that "." is removed.
All occurrences of "<segment>/../", where <segment> is a
complete path segment not equal to "..", are removed from the
buffer string. Removal of these path segments is performed
iteratively, removing the leftmost matching pattern on each
iteration, until no matching pattern remains.
If the buffer string ends with "<segment>/..", where <segment>
is a complete path segment not equal to "..", that
"<segment>/.." is removed.
If the resulting buffer string still begins with one or more
complete path segments of "..", then the reference is
considered to be in error. Implementations may handle this
error by retaining these components in the resolved path (i.e.,
treating them as part of the final URI), by removing them from
the resolved path (i.e., discarding relative levels above the
root), or by avoiding traversal of the reference.
The remaining buffer string is the target URI's path component.
Some systems may find it more efficient to implement the merge
algorithm as a pair of path segment stacks being merged, rather
than as a series of string pattern replacements.
Note: Some WWW client applications will fail to separate the
reference's query component from its path component before merging
the base and reference paths. This may result in a loss of
information if the query component contains the strings "/../" or "/./".
Resolution examples are provided in Appendix C.
In many cases, different URI strings may actually identify the
identical resource. For example, the host names used in URI are
actually case insensitive, and the URI <http://www.XEROX.com> is
equivalent to <http://www.xerox.com>. In general, the rules for
equivalence and definition of a normal form, if any, are scheme
dependent. When a scheme uses elements of the common syntax, it will
also use the common syntax equivalence rules, namely that the scheme
and hostname are case insensitive and a URI with an explicit ":port",
where the port is the default for the scheme, is equivalent to one
where the port is elided.
A URI does not in itself pose a security threat. Users should beware
that there is no general guarantee that a URI, which at one time
located a given resource, will continue to do so. Nor is there any
guarantee that a URI will not locate a different resource at some
later point in time, due to the lack of any constraint on how a given
authority apportions its namespace. Such a guarantee can only be
obtained from the person(s) controlling that namespace and the
resource in question. A specific URI scheme may include additional
semantics, such as name persistence, if those semantics are required
of all naming authorities for that scheme.
It is sometimes possible to construct a URI such that an attempt to
perform a seemingly harmless, idempotent operation, such as the
retrieval of an entity associated with the resource, will in fact
cause a possibly damaging remote operation to occur. The unsafe URI
is typically constructed by specifying a port number other than that
reserved for the network protocol in question. The client
unwittingly contacts a site that is in fact running a different
protocol. The content of the URI contains instructions that, when
interpreted according to this other protocol, cause an unexpected
operation. An example has been the use of a gopher URI to cause an
unintended or impersonating message to be sent via a SMTP server.
Caution should be used when using any URI that specifies a port
number other than the default for the protocol, especially when it is
a number within the reserved space.
Care should be taken when a URI contains escaped delimiters for a
given protocol (for example, CR and LF characters for telnet
protocols) that these are not unescaped before transmission. This
might violate the protocol, but avoids the potential for such
characters to be used to simulate an extra operation or parameter in
that protocol, which might lead to an unexpected and possibly harmful
remote operation to be performed.
It is clearly unwise to use a URI that contains a password which is
intended to be secret. In particular, the use of a password within
the 'userinfo' component of a URI is strongly discouraged except
in those rare cases where the 'password' parameter is intended to be
public.
This document is derived from RFC 2396 ,
RFC 1808 , and RFC 1738 ;
the acknowledgements in those specifications still apply.
It also incorporates the update (with corrections) for IPv6 literals
in the host syntax, as defined by Robert M. Hinden, Brian E. Carpenter,
and Larry Masinter in .
In addition, contributions by Reese Anschultz, Tim Bray, Dan Connolly,
Adam M. Costello, Jason Diamond, Martin Duerst, Henry Holtzman, Bruce Lilly,
Michael Mealling, Julian Reschke, Miles Sabin, Ronald Tschalaer,
Marc Warne, and Henry Zongaro are gratefully acknowledged.
Coded Character Set -- 7-bit American Standard Code for Information InterchangeAmerican National Standards InstituteRequirements for Internet Hosts - Application and SupportUniversity of Southern California (USC), Information Sciences Institute4676 Admiralty WayMarina del ReyCA90292-6695US+1 213 822 1511Braden@ISI.EDUAugmented BNF for Syntax Specifications: ABNFInternet Mail Consortium675 Spruce Dr.SunnyvaleCA94086US+1 408 246 8253+1 408 249 6205dcrocker@imc.orgDemon Internet LtdDorking Business ParkDorkingSurreyEnglandRH4 1HNUKpaulo@turnpike.comDoD Internet host table specificationSRI InternationalSRI InternationalSRI InternationalIP Version 6 Addressing ArchitectureNokia232 Java DriveSunnyvaleCA 94089USA+1 408 990-2004+1 408 743-5677hinden@iprg.nokia.comCisco Systems, Inc.170 West Tasman DriveSan JoseCA 95134-1706USA+1 408 527-8213+1 408 527-8254deering@cisco.com
Internet
internet protocol version 6IPv6addressingmulticastDomain names - concepts and facilitiesInformation Sciences Institute (ISI)UTF-8, a transformation format of ISO 10646Alis Technologies100, boul. Alexis-NihonSuite 600MontrealQuebecH4M 2P2CA+1 514 747 2547+1 514 747 2561fyergeau@alis.comIETF Policy on Character Sets and LanguagesUNINETTP.O.Box 6883 ElgeseterN-7002 TRONDHEIMNORWAY+47 73 59 70 94Harald.T.Alvestrand@uninett.no
Applications
Internet Engineering Task Forcecharacter encodingUniversal Resource Identifiers in WWW: A Unifying Syntax for the Expression of Names and Addresses of Objects on the Network as used in the World-Wide WebCERN, World-Wide Web project1211 Geneva 23CH+41 22 7673755+41 22 7677155timbl@info.cern.chUniform Resource Locators (URL)CERN, World-Wide Web project1211 Geneva 23CH+41 22 7673755+41 22 7677155timbl@info.cern.chXerox PARC3333 Coyote Hill RoadPalo AltoCA94034US+1 415 812 4365+1 415 812 4333masinter@parc.xerox.comUniversity of Minnesota, Computer and Information Services100 Union Street SE, Shepherd LabsRoom 152MinneapolisMN55455US+1 612 625 1300mpm@boombox.micro.umn.eduHypertext Markup Language - 2.0MIT Laboratory for Computer Science545 Technology SquareCambridgeMA02139US+1 617 253 9670+1 617 258 8682timbl@w3.orgMIT Laboratory for Computer Science, W3 Consortium545 Technology SquareCambridgeMA02139US+1 617 258 8682connolly@w3.orghttp://www.w3.org/hypertext/WWW/People/Connolly/Uniform Resource Identifiers (URI): Generic SyntaxWorld Wide Web ConsortiumMIT Laboratory for Computer Science, NE43-356545 Technology SquareCambridgeMA02139+1(617)258-8682timbl@w3.orgDepartment of Information and Computer ScienceUniversity of California, IrvineIrvineCA92697-3425+1(949)824-1715fielding@ics.uci.eduXerox PARC3333 Coyote Hill RoadPalo AltoCA94034+1(415)812-4333masinter@parc.xerox.com
Applications
resourceURIRelative Uniform Resource LocatorsUniversity of California Irvine, Department of Information and Computer ScienceIrvineCA92717-3425US+1 714 824 4049+1 714 824 4056fielding@ics.uci.eduMultipurpose Internet Mail Extensions (MIME) Part Two: Media TypesInnosoft International, Inc.1050 East Garvey Avenue SouthWest CovinaCA91790US+1 818 919 3600+1 818 919 3614ned@innosoft.comFirst Virtual Holdings25 Washington AvenueMorristownNJ07960US+1 201 540 8967+1 201 993 3032nsb@nsb.fv.comHTTP Extensions for Distributed Authoring -- WEBDAVMicrosoft Corporationyarong@microsoft.comDept. Of Information and Computer
Science, University of California, Irvineejw@ics.uci.eduNetscapeasad@netscape.comNovellsrcarter@novell.comNovelldcjensen@novell.comFormat for Literal IPv6 Addresses in URL'sNokia313 Fairchild DriveMountain ViewCA94043US+1 650 625 2004hinden@iprg.nokia.comIBM, iCAIR1890 Maple AvenueSuite 150EvanstonIL60201USbrian@icair.orgAT&T Labs75 Willow RoadMenlo ParkCA94025USLMM@acm.orgFunctional Recommendations for Internet Resource LocatorsInformation Systems and Technology293 Evans HallBerkeleyCA94720US+1 510 642 1530+1 510 643 5385jak@violet.berkeley.eduFunctional Requirements for Uniform Resource NamesXerox Palo Alto Research Center3333 Coyote Hill RoadPalo AltoCA94304US+1 415 812 4365+1 415 812 4333masinter@parc.xerox.comMIT Laboratory for Computer Science545 Technology SquareCambridgeMA02139US+1 617 253 2673sollins@lcs.mit.eduMIME E-mail Encapsulation of Aggregate Documents, such as HTML (MHTML)Stockholm University and KTHElectrum 230S-164 40 KistaSweden+46-8-16 16 67+46-8-783 08 29jpalme@dsv.su.seMicrosoft Corporation3590 North First StreetSuite 300San JoseCA 95134Working group chairman:alexhop@microsoft.com
Applications
encapsulatehypertext markup languagemailmultipurpose internet mail extensionsRegistration Procedures for URL Scheme NamesUUNET Technologies5000 Britton RoadP. O. Box 5000HilliardOH43026-5000US+1 614 723 4157+1 614 723 8407rpetke@wcom.netMicrosoft CorporationOne Microsoft WayRedmondWA98052-6399US+1 425 703 2293+1 425 936 7329iking@microsoft.com
As described in Section 4.3, the generic URI syntax is not sufficient
to disambiguate the components of some forms of URI. Since the
"greedy algorithm" described in that section is identical to the
disambiguation method used by POSIX regular expressions, it is
natural and commonplace to use a regular expression for parsing the
potential four components and fragment identifier of a URI reference.
The following line is the regular expression for breaking-down a URI
reference into its components.
The numbers in the second line above are only to assist readability;
they indicate the reference points for each subexpression (i.e., each
paired parenthesis). We refer to the value matched for subexpression
<n> as $<n>. For example, matching the above expression to
results in the following subexpression matches:
where <undefined> indicates that the component is not present, as is
the case for the query component in the above example. Therefore, we
can determine the value of the four components and fragment as
and, going in the opposite direction, we can recreate a URI reference
from its components using the algorithm of Section 5.2.
Within an object with a well-defined base URI of
the relative URI would be resolved as follows:
Although the following abnormal examples are unlikely to occur in
normal practice, all URI parsers should be capable of resolving them
consistently. Each example uses the same base as above.
An empty reference refers to the start of the current document.
Parsers must be careful in handling the case where there are more
relative path ".." segments than there are hierarchical levels in the
base URI's path. Note that the ".." syntax cannot be used to change
the authority component of a URI.
In practice, some implementations strip leading relative symbolic
elements (".", "..") after applying a relative URI calculation, based
on the theory that compensating for obvious author errors is better
than allowing the request to fail. Thus, the above two references
will be interpreted as "http://a/g" by some implementations.
Similarly, parsers must avoid treating "." and ".." as special when
they are not complete components of a relative path.
Less likely are cases where the relative URI uses unnecessary or
nonsensical forms of the "." and ".." complete path segments.
Some applications fail to separate the reference's query and/or
fragment components from a relative path before merging it with
the base path. This error is rarely noticed, since typical usage
of a fragment never includes the hierarchy ("/") character, and the
query component is not normally used within relative references.
Some parsers allow the scheme name to be present in a relative URI if
it is the same as the base URI scheme. This is considered to be a
loophole in prior specifications of partial URI .
Its use should be avoided, but is allowed for backwards compatibility.
It is useful to consider an example of how the base URI of a document
can be embedded within the document's content. In this appendix, we
describe how documents written in the Hypertext Markup Language
(HTML) can include an embedded base URI. This appendix
does not form a part of the URI specification and should not be
considered as anything more than a descriptive example.
HTML defines a special element "BASE" which, when present in the
"HEAD" portion of a document, signals that the parser should use the
BASE element's "HREF" attribute as the base URI for resolving any
relative URI. The "HREF" attribute must be an absolute URI. Note
that, in HTML, element and attribute names are case-insensitive. For
example:
A parser reading the example document should interpret the given
relative URI "../x" as representing the absolute URI
regardless of the context in which the example document was obtained.
URIs are often transmitted through formats that do not provide a clear
context for their interpretation. For example, there are many
occasions when a URI is included in plain text; examples include text
sent in electronic mail, USENET news messages, and, most importantly,
printed on paper. In such cases, it is important to be able to
delimit the URI from the rest of the text, and in particular from
punctuation marks that might be mistaken for part of the URI.
In practice, URI are delimited in a variety of ways, but usually
within double-quotes "http://example.com/", angle brackets
<http://example.com/>, or just using whitespace
These wrappers do not form part of the URI.
In the case where a fragment identifier is associated with a URI
reference, the fragment would be placed within the brackets as well
(separated from the URI with a "#" character).
In some cases, extra whitespace (spaces, linebreaks, tabs, etc.) may
need to be added to break a long URI across lines. The whitespace
should be ignored when extracting the URI.
No whitespace should be introduced after a hyphen ("-") character.
Because some typesetters and printers may (erroneously) introduce a
hyphen at the end of line when breaking a line, the interpreter of a
URI containing a line break immediately after a hyphen should ignore
all unescaped whitespace around the line break, and should be aware
that the hyphen may or may not actually be part of the URI.
Using <> angle brackets around each URI is especially recommended as
a delimiting style for a URI that contains whitespace.
The prefix "URL:" (with or without a trailing space) was formerly
recommended as a way to help distinguish a URI from other bracketed
designators, though it is not commonly used in practice and is
no longer recommended.
For robustness, software that accepts user-typed URI should attempt
to recognize and strip both delimiters and embedded whitespace.
contains the URI references
The URI syntax was designed for unambiguous reference to network
resources and extensibility via the URI scheme. However, as URI
identification and usage have become commonplace, traditional media
(television, radio, newspapers, billboards, etc.) have increasingly
used abbreviated URI references. That is, a reference consisting of
only the authority and path portions of the identified resource, such
as
or simply the DNS hostname on its own. Such references are primarily
intended for human interpretation rather than machine, with the
assumption that context-based heuristics are sufficient to complete
the URI (e.g., most hostnames beginning with "www" are likely to have
a URI prefix of "http://"). Although there is no standard set of
heuristics for disambiguating abbreviated URI references, many client
implementations allow them to be entered by the user and
heuristically resolved. It should be noted that such heuristics may
change over time, particularly when new URI schemes are introduced.
Since an abbreviated URI has the same syntax as a relative URI path,
abbreviated URI references cannot be used in contexts where relative
URIs are expected. This limits the use of abbreviated URIs to places
where there is no defined base URI, such as dialog boxes and off-line
advertisements.
IPv6 literals have been added to the list of possible identifiers
for the host portion of a server component, as described by
, with the addition of "[" and "]" to
the reserved, uric, and uric-no-slash sets. Square brackets are
now specified as reserved for the authority component, allowed
within the opaque part of an opaque URI, and not allowed in the
hierarchical syntax except for their use as delimiters for an
IPv6reference within host. In order to make this change without
changing the technical definition of the path, query, and fragment
components, those rules were redefined to directly specify the
characters allowed rather than continuing to be defined in terms
of uric.
Since defers to
for definition of an IPv6 literal address, which unfortunately has an
incorrect ABNF description of IPv6address, we created a new ABNF rule
for IPv6address that matches the text representations defined by
Section 2.2 of . Likewise, the definition
of IPv4address has been improved in order to limit each decimal
octet to the range 0-255, and the definition of hostname has been
improved to better specify length limitations and partially-qualified
domain names.
The ad-hoc BNF syntax has been replaced with the ABNF of
. This change required all rule names that
formerly included underscore characters to be renamed with a dash instead.
Likewise, absoluteURI and relativeURI have been changed to absolute-URI
and relative-URI, respectively, for consistency.
The ABNF of hier-part and relative-URI (Section 3) has been corrected
to allow a relative URI path to be empty. This also allows an
absolute-URI to consist of nothing after the "scheme:", as is present
in practice with the "DAV:" namespace and
the "about:" URI used by many browser implementations.
The resolving relative references algorithm of
has been rewritten using pseudocode for this revision to improve clarity
and fix the following issues:
section 5.2, step 6a, failed to account for
a base URI with no path.
Restored the behavior of where, if the
the reference contains an empty path and a defined query component,
then the target URI inherits the base URI's path component.