@-notation was never legal in HTTP URLs anyway

Raymond Chen

Some people are in an uproar over IE’s dropping of support for @ notation in HTTP URLs. What people fail to note is that The @ notation was never legal for HTTP URLs in the first place. If you go to RFC 1738 section 3.3 (HTTP), it explicitly states:

An HTTP URL takes the form:


where <host> and <port> are as described in Section 3.1. If :<port> is omitted, the port defaults to 80. No user name or password is allowed.

(Emphasis mine.)

So there are now three sides to the argument:

  • “I want Internet Explorer to be backwards-compatible with my invalid URLs.” (These people want the @-syntax retained.)

  • “I want Internet Explorer to be more secure.” (These people want the @-syntax removed.)

  • “I want Internet Explorer to be more standards-compliant.” (These people also want the @-syntax removed.)

Personally I think dropping support for @-notation was the right thing to do.

[Raymond is currently on vacation; this message was pre-recorded.]


Discussion is closed.

Feedback usabilla icon