Path parameters and slashes - request for additional clarification

[hkosova]

PR #2218 added the following text:

The value for these path parameters MUST NOT contain any unescaped "generic syntax" characters described by RFC3986: forward slashes (/), question marks (?), or hashes (#).

Does "MUST NOT contain ... unescaped" mean that:

1. If a user provides a parameter value containing a /, ?, and/or #, the client app must reject it.

or

2. If a user provides a parameter value containing a /, ?, and/or #, the client app must percent-encode these characters when building the request URL.

?

[darrelmiller]

This is up to client tooling to choose how to handle these unescaped characters. We're not sure how to word this correctly.

[mkistler]

My 2 cents: I think "MUST NOT contain ... unescaped" means that failure to escape these characters in a request can cause failures in the request -- possibly obscure and difficult to diagnose failures -- so client software should take appropriate steps to ensure these characters are properly escaped in the request. Either (1) or (2) in the description are possible actions the client can take, and the spec does not proscribe which of these or possible other approaches are used, but the end result should be that the characters are escaped in the request sent to the server.