Can I use an at symbol (@) inside URLs?

Asked 22/10, 2013 at 4:32 Answered 4/8, 2022 at 15:30

http url character

116

Is it safe to use an @ symbol as part of a user? For example, a possible URL would be http://example.com/@dave.

The idea is that, nowadays, users are commonly called "@user", so why not make the user page "@username"?

Habana answered 22/10, 2013 at 4:32 Comment(4)

"users are commonly called @user" - WAT? But yes, you can use @ in a URL. – Ovolo 22/10, 2013 at 4:36

I think there is nothing wrong in using @ in url unless it is properly url encoded. – Alis 22/10, 2013 at 4:37

@user1671639: I think you mean "as long as it is properly url encoded". – Ovolo 22/10, 2013 at 7:25

Just noticed google maps is now using @ in its URLs: google.com/maps/@0,0,2z – Frizzy 2/3, 2014 at 21:1

153

Percent-encoded …

You can use the @ character in HTTP URI paths if you percent-encode it as %40.

Many browsers would display it still as @, but e.g. when you copy-and-paste the URI into a text document, it will be %40.

… but also directly

Instead of percent-encoding it, you may use @ directly in the HTTP URI path.

See the syntax for the path of an URI. Various unrelated clauses aside, the path may consist of characters in the segment, segment-nz, or segment-nz-nc set. segment and segment-nz consist of characters from the pchar set, which is defined as:

pchar = unreserved / pct-encoded / sub-delims / ":" / "@"

As you can see, the @ is listed explicitly.

The segment-nz-nc set also lists the @ character explicitly:

segment-nz-nc = 1*( unreserved / pct-encoded / sub-delims / "@" )

So, a HTTP URI like this is totally valid:

http://example.com/@dave

Example

Here is an example Wikipedia page:

link
copy-and-paste: http://en.wikipedia.org/wiki/%22@%22_%28album%29

As you can see, the ", (, and ) characters are percent-encoded, but the @ and the _ is used directly.

Mezzorelievo answered 2/11, 2013 at 1:12 Comment(10)

Good news! But then, why don't Twitter does this? – Meilhac 19/1, 2015 at 20:3

@AugustinRiedinger: Could you provide an example URL? I don’t use Twitter, and from what I see they don’t use @ in URLs anymore, but the old (?) profile URLs still work: example with percent-encoded @ (does not work!) vs. example using @ directly (does work!). – Mezzorelievo 19/1, 2015 at 21:19

Interesting! Indeed, works with or without @ in the case of Twitter. Their inner links do refer the the url without @ though: twitter.com/@stackexchange – Meilhac 19/1, 2015 at 21:47

I had to upvote :3 The main issue with @-sign is that its also used by some applications to split [email protected] for direct authentication like SSH and such, but for HTTP plain and good, as soon as its after the first / I don't think there is any problem either. – Stanleigh 27/8, 2015 at 16:30

should '@' and it's encoded form '%40' be treated as equivalent in a path according to the RFC? In other words does the RFC state that twitter.com/@stackexchange and twitter.com/%40stackexchange SHALL be treated equivalently? – Shrivel 28/4, 2016 at 17:49

@RalphCallaway: AFAIK only unreserved characters are equivalent to their percent-encoded form, but the @ is not unreserved. So consumers must not assume that %40 and @ are equivalent. – Mezzorelievo 28/4, 2016 at 18:4

For reference, the separate question about this: Must '@' and '%40' be treated equivalently in URL paths? – Mezzorelievo 29/4, 2016 at 13:44

Many browsers would display it still as @, but e.g. when you copy-and-paste the URI into a text document, it will be %40.

That's not true for Chrome. – Alius 23/7, 2016 at 12:55

Sub-delims, including @, are valid in the path -- but caveat they are intended to be used by specific URI schemes and/or URI routing algorithms. They are NOT meant to be actually parts of the path segment -- but separators and operators within a path segment. Ideally example.com/myResource and example.com/myResource@taco/ route to the same execution entry point. or resource, but are interpreted differently by the system/framework/project you are using when it comes to serving http services – Massacre 27/5, 2022 at 20:22

You will have to use %40 if the @ is in the user name part. – Impulse 30/4 at 3:12

Can you use the @-symbol in a URL? - Yes, you can!

Note that that @-character, hexadecimal value 40, decimal value 64, is a reserved characters for URI's. It's usage is for things like email-addresses in mailto:URI's, for example mailto:[email protected] and for passing username and password information on a URI (which is a bad idea, but possible): http://username:[email protected]

If you want a URL that has an @-symbol in a path you need to encode it, with so called "URL-encoding". For example like this: http://somewhere.foo/profile/username%40somewhere.foo

All modern browsers will display this as http://somewhere.foo/profile/[email protected], and will convert any typed in @-sign to %40, so it's easy to use.

Many web-frameworks will also help you either automatically, or with helper-functions, to convert to and from URL-encoded URL's.

So, in summary: Yes, you can use the @-symbol in a URL, but you have to make sure it's encoded, as you can't use the @-character.

Ovolo answered 22/10, 2013 at 7:18 Comment(3)

+1 perfect. Instead of relaying on the theory better to give a try. This is the thing I meant, thanks for making this as nice answer. – Alis 22/10, 2013 at 7:38

Though encoding is not bad advice, @ characters do not "need" to be encoded in the path part of a url (greenbytes.de/tech/webdav/rfc3986.html#path) – Copulative 7/8, 2016 at 23:33

Is the reverse true? If I have a URL with an @, can I replace the @ with %40? It seems to not be the case for the following: - URL with @ works: replit.com/@joseville/Prime-Numbers - but URL with %40 instead of @ doesn't work: replit.com/%40joseville/Prime-Numbers – Brighten 10/3, 2023 at 21:58

In the RFC the following characters:

* ' ( ) ; : @ & = + $ , / ? % # [ ]

are reserved and:

The purpose of reserved characters is to provide a set of delimiting characters that are distinguishable from other data within a URI.

So it is not recommended to use these characters without encoding.

Tribune answered 22/10, 2013 at 4:41 Comment(1)

The @ symbol is explicitly allowed in URL path. See rfc-editor.org/rfc/rfc3986#section-3.3 – Electrode 21/2, 2023 at 10:4

Basicaly no.

@ is a reserved character and should only be used for its intended purpose.

See: http://perishablepress.com/stop-using-unsafe-characters-in-urls/ and http://www.ietf.org/rfc/rfc3986.txt

It can be used encoded, but I don't think that is what you were asking.

Apparently modern browsers will handle this. However you asked if this was safe and according to the spec of the RFC you should not be using it (unencoded) unless it is for its intended purpose.

Satiate answered 22/10, 2013 at 4:37 Comment(0)

I found this question when I tried to search site:typescriptlang.org @ts-ignore at Chrome, and then got the result of This page isn't working, ts-ignore is currently unable to handle this request and I saw the URL became "http://site:typescriptlang.org%20@ts-ignore/". I felt so refused, then searched @ symbol's function at an URL and then I found my answer on Wikipedia.

The full format of the URL is scheme://userInfo@host:port/path?query#fragment. so when we search site:typescriptlang.org @ts-ignore, the browser will think you want to visit "http://site:typescriptlang.org%20@ts-ignore/". In this URL, http is a scheme, site:typescriptlang.org%20 is a userInfo ("%20" is escaped by a space character), "ts-ignore/" is a host. Of course, we can't visit the host named "ts-ignore" without a domain.

So, @ symbol can be a separator between userInfo and host.

Tetramethyldiarsine answered 4/8, 2022 at 15:30 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Percent-encoded …

… but also directly

Example

Recommended topics

Hot tags