Can I use an at symbol (@) inside URLs?

Is it safe to use an @ symbol as part of a user? For example, a possible URL would be http://example.com/@dave.

The idea is that, nowadays, users are commonly called "@user", so why not make the user page "@username"?

Percent-encoded …

You can use the @ character in HTTP URI paths if you percent-encode it as %40.

Many browsers would display it still as @, but e.g. when you copy-and-paste the URI into a text document, it will be %40.

… but also directly

Instead of percent-encoding it, you may use @ directly in the HTTP URI path.

See the syntax for the path of an URI. Various unrelated clauses aside, the path may consist of characters in the segment, segment-nz, or segment-nz-nc set. segment and segment-nz consist of characters from the pchar set, which is defined as:

pchar = unreserved / pct-encoded / sub-delims / ":" / "@"

As you can see, the @ is listed explicitly.

The segment-nz-nc set also lists the @ character explicitly:

segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )

So, a HTTP URI like this is totally valid:

http://example.com/@dave

Example

Here is an example Wikipedia page:

• link
• copy-and-paste: http://en.wikipedia.org/wiki/%22@%22_%28album%29

As you can see, the ", (, and ) characters are percent-encoded, but the @ and the _ is used directly.

Can you use the @-symbol in a URL? - Yes, you can!

Note that that @-character, hexadecimal value 40, decimal value 64, is a reserved characters for URI's. It's usage is for things like email-addresses in mailto:URI's, for example mailto:[email protected] and for passing username and password information on a URI (which is a bad idea, but possible): http://username:[email protected]

If you want a URL that has an @-symbol in a path you need to encode it, with so called "URL-encoding". For example like this: http://somewhere.foo/profile/username%40somewhere.foo

All modern browsers will display this as http://somewhere.foo/profile/[email protected], and will convert any typed in @-sign to %40, so it's easy to use.

Many web-frameworks will also help you either automatically, or with helper-functions, to convert to and from URL-encoded URL's.

So, in summary: Yes, you can use the @-symbol in a URL, but you have to make sure it's encoded, as you can't use the @-character.

In the RFC the following characters:

> ! * ' ( ) ; : @ & = + $ , / ? % # [ ]

are reserved and:

> The purpose of reserved characters is to provide a set of delimiting > characters that are distinguishable from other data within a URI.

So it is not recommended to use these characters without encoding.

Basicaly no.

@ is a reserved character and should only be used for its intended purpose.

See: http://perishablepress.com/stop-using-unsafe-characters-in-urls/ and http://www.ietf.org/rfc/rfc3986.txt

It can be used encoded, but I don't think that is what you were asking.

Apparently modern browsers will handle this. However you asked if this was safe and according to the spec of the RFC you should not be using it (unencoded) unless it is for its intended purpose.