Introduction
Introduction Statistics Contact Development Disclaimer Help
----------------------------------------
Which gopher daemons have been patched to fix the hURL issue?
February 27th, 2024
----------------------------------------
So if you've been following my phlog, you'll see that I discovered that
most gopher daemons implementing the hURL hack have done so in a rather
haphazard manner, both failing to produce proper URLs (certain reserved
characters MUST be percent encoded) and to produce proper HTML (reserved
characters MUST be HTML entities less they are interpreted as HTML).
Here's where we stand right now with various servers:
bucktooth - fixed, breaking change
geomyidae - fixed, breaking change
gophernicus - broken
pygopherd (python3) - fixed
motsognir - NOT fixed (yet?).
Now you'll notice that I have labeled bucktooth and geomyidae's fix as
a "breaking change", this is because with these gopher servers, if you
are using one of the reserved characters in a URL in gophermap, that URL
will no longer generate a hURL page after the update: until you update
the gophermap to have the characters percent encoded. As for gophernicus
and pygopherd they will do the percent encoding for you; meaning the fix
is absolutely painless for users of those daemons.
BTW, now is a good time to mention (as geomyidae now does!): The hURL
hack is stupid. Very stupid. Please stop using it; we've had a gopher-
native URL scheme that is much better since 1992. It is type w. As-of
NOW gopher.zcrayfish.soy will return type w if you're connecting via
IPv6. If you're connecting via IPv4, I'll still send the hURL hack for
now, but seriously, as clients are updated to support IPv6, they need to
have type w patched in as well.
And as for gopher servers generating HTML pages, consider generating
XHTML pages with an XML declaration, clients that are served these pages
and support XML will stop parsing and print an error in the event that
someone manages to pull off an attack of this type...
Edit 28 Feb: Just don't use gophernicus. The patch is broken.
Edit 15 March 2025: gophernicus may have been fixed... Not checking.
----------------------------------------
Back to phlog index
gopher.zcrayfish.soy gopher root
The wheel has been reinvented 973 times.
Comments are enabled for this post, select here to leave yours
Comments have been left on this post:
I'm genuinely curious: does any gopher client exist that a) can render
HTML but b) does NOT support URL: selectors? That seems like a strange
combination of features to me. I've used only a small handful of gopher
clients so far (Lynx, Bombadillo, Overbite for Android, GOPHRite), and
they all support URL: selectors just fine WITHOUT a server-generated
HTML redirect page. And if no such client actually exists, is it now
safe to omit URL: support in Gopher servers? -cw
Posted Thu Feb 27 19:09:44 UTC 2025 by 174-17-246-5.phnx.qwest.net.
------------------------------------------------------------------------
Seems w3m supports HTML but not URL: selectors. It's not a very good
Gopher client, so not much is lost without URL: server support. -cw
Posted Thu Feb 27 20:53:01 UTC 2025 by 174-17-246-5.phnx.qwest.net.
------------------------------------------------------------------------
Any gopher client that inherited its gopher support from libwww and pre-
dates the hURL hack, or just didn't bother to implement it, will render
HTML and don't support the URL: selector. Hopefully these are becoming
rare these days. It's definitely safer for everyone if the server-
generated HTML redirect pages are simply ditched entirely.
Posted Mar 15 23:57:44 UTC 2025 by zachary
------------------------------------------------------------------------
Gophernicus is still broken but possibly in a different way. It has a
function called `html_encode` which doesn't actually HTML encode;
instead it percent-encodes some characters. One character that it
leaves intact is the ampersand. Fail. I'm working on a patch now to
make it actually HTML encode text. -cw
Posted Fri May 30 19:36:31 UTC 2025 by
wsip-98-163-190-162.ph.ph.cox.net.
------------------------------------------------------------------------
You are viewing proxied material from gopher.zcrayfish.soy. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.