Can I use an at symbol (@) inside URLs?
HttpUrlCharacterHttp Problem Overview
Is it safe to use an @
symbol as part of a user? For example, a possible URL would be http://example.com/@dave
.
The idea is that, nowadays, users are commonly called "@user", so why not make the user page "@username"?
Http Solutions
Solution 1 - Http
Percent-encoded …
You can use the @
character in HTTP URI paths if you percent-encode it as %40
.
Many browsers would display it still as @
, but e.g. when you copy-and-paste the URI into a text document, it will be %40
.
… but also directly
Instead of percent-encoding it, you may use @
directly in the HTTP URI path.
See the syntax for the path of an URI. Various unrelated clauses aside, the path may consist of characters in the segment
, segment-nz
, or segment-nz-nc
set. segment
and segment-nz
consist of characters from the pchar
set, which is defined as:
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
As you can see, the @
is listed explicitly.
The segment-nz-nc
set also lists the @
character explicitly:
segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )
So, a HTTP URI like this is totally valid:
http://example.com/@dave
Example
Here is an example Wikipedia page:
- link
- copy-and-paste:
http://en.wikipedia.org/wiki/%22@%22_%28album%29
As you can see, the "
, (
, and )
characters are percent-encoded, but the @
and the _
is used directly.
Solution 2 - Http
Can you use the @-symbol in a URL? - Yes, you can!
Note that that @-character, hexadecimal value 40, decimal value 64, is a reserved characters for URI's. It's usage is for things like email-addresses in mailto:
URI's, for example mailto:[email protected]
and for passing username and password information on a URI (which is a bad idea, but possible): http://username:[email protected]
If you want a URL that has an @-symbol in a path you need to encode it, with so called "URL-encoding". For example like this: http://somewhere.foo/profile/username%40somewhere.foo
All modern browsers will display this as http://somewhere.foo/profile/[email protected], and will convert any typed in @-sign to %40
, so it's easy to use.
Many web-frameworks will also help you either automatically, or with helper-functions, to convert to and from URL-encoded URL's.
So, in summary: Yes, you can use the @-symbol in a URL, but you have to make sure it's encoded, as you can't use the @-character.
Solution 3 - Http
In the RFC the following characters:
> ! * ' ( ) ; : @ & = + $ , / ? % # [ ]
are reserved and:
> The purpose of reserved characters is to provide a set of delimiting > characters that are distinguishable from other data within a URI.
So it is not recommended to use these characters without encoding.
Solution 4 - Http
Basicaly no.
@
is a reserved character and should only be used for its intended purpose.
See: http://perishablepress.com/stop-using-unsafe-characters-in-urls/ and http://www.ietf.org/rfc/rfc3986.txt
It can be used encoded, but I don't think that is what you were asking.
Apparently modern browsers will handle this. However you asked if this was safe and according to the spec of the RFC you should not be using it (unencoded) unless it is for its intended purpose.