Flickr photos
Recent links
Internet Explorer restriction on URI of forms with a GET method
2006, May 11 - 13:59 — müzso
Internet Explorer limits the length of the URI that you can submit in an HTML form with the GET method to 2083 bytes.
I do not know where that number comes from, I've got it through testing various URI lengths and that one showed up as the longest URI that IE was willing to submit. However if you've got a dynamically generated form with lots of input fields, then it can easily happen that during development you test only with a small number of fields, but the customer uses parameters that generate a very big number of form fields ... and the 2083 byte limit is reached.
The real problem starts when you get the feedback from the customer that the form does not work for some parameters. You press the submit button on the form, but nothing happens. The form is not submitted, no error message of any sort ... nothing. You test the same form with same parameters in Firefox and it works like a charm. Now "what the hell is going on?" - one could ask himself. :->
I had a hard time discovering the truth that IE silently blocks the submit of forms where the method is "GET" and the URI (that is composed from the name+value pairs of each form field at the time of submit) gets longer than 2083 bytes.
((
The extra fun is that everything else works OK (eg. event handlers on the submit button are executed), just the submit is skipped.
Conclusion: _never_ever_ use the "GET" method in a form that can have a flexible number of elements (inputs), use "POST" instead!
Btw. Microsoft was not even close to the HTTP/1.1 specification (RFC2616) with its implementation.
The RFC writes the following about URI lengths:
"The HTTP protocol does not place any a priori limit on the length of a URI. Servers MUST be able to handle the URI of any resource they serve, and SHOULD be able to handle URIs of unbounded length if they provide GET-based forms that could generate such URIs. A server SHOULD return 414 (Request-URI Too Long) status if a URI is longer than the server can handle (see section 10.4.15)."
Of course the RFC talks about the server-side (does not even mention the clients) ... but putting such a silent failure into the browser is imho a very-very dumb thing to do.((
I do not know where that number comes from, I've got it through testing various URI lengths and that one showed up as the longest URI that IE was willing to submit. However if you've got a dynamically generated form with lots of input fields, then it can easily happen that during development you test only with a small number of fields, but the customer uses parameters that generate a very big number of form fields ... and the 2083 byte limit is reached.
The real problem starts when you get the feedback from the customer that the form does not work for some parameters. You press the submit button on the form, but nothing happens. The form is not submitted, no error message of any sort ... nothing. You test the same form with same parameters in Firefox and it works like a charm. Now "what the hell is going on?" - one could ask himself. :->
I had a hard time discovering the truth that IE silently blocks the submit of forms where the method is "GET" and the URI (that is composed from the name+value pairs of each form field at the time of submit) gets longer than 2083 bytes.
((The extra fun is that everything else works OK (eg. event handlers on the submit button are executed), just the submit is skipped.
Conclusion: _never_ever_ use the "GET" method in a form that can have a flexible number of elements (inputs), use "POST" instead!
Btw. Microsoft was not even close to the HTTP/1.1 specification (RFC2616) with its implementation.
The RFC writes the following about URI lengths:
"The HTTP protocol does not place any a priori limit on the length of a URI. Servers MUST be able to handle the URI of any resource they serve, and SHOULD be able to handle URIs of unbounded length if they provide GET-based forms that could generate such URIs. A server SHOULD return 414 (Request-URI Too Long) status if a URI is longer than the server can handle (see section 10.4.15)."
Of course the RFC talks about the server-side (does not even mention the clients) ... but putting such a silent failure into the browser is imho a very-very dumb thing to do.
((
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License.
Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License.
Recent comments
6 days 15 hours ago
1 week 13 hours ago
1 week 14 hours ago
1 week 1 day ago
1 week 1 day ago
1 week 5 days ago
1 week 5 days ago
3 weeks 3 days ago
3 weeks 3 days ago
3 weeks 5 days ago