Forum OpenACS Development: Re: ad_quotehtml speed improvement

Posted by Nis Jørgensen on
Don wrote:
Now if someone wants to submit a patch to force export_vars to quote "&" we can take a look at it, but in practice I can't imagine any browser on the planet enforcing the standard in this regard ...

On the contrary - ALL my installed browsers (Opera, Mozilla, Internet Explorer) have problems with the unquoted URL I gave:

<a href="calculate-resistance?volt=2&amp=3">

But since export_vars has a -quotehtml AND the templating system now quotes by default, I don't really see the need for the patch you describe ...

Posted by Tom Jackson on

But the & in your url isn't html, it is just an old style of joining vars. Shouldn't the urls be fixed by using the new style, instead of quoting?

Posted by Nis Jørgensen on
I have no idea what you are talking about with "old style" and "new style". The url I gave is the result of doing what Dave Bauer suggested:

In tcl file

  set volt 2
  set amp 3
  set url "calculate-resistance?[export_vars [list volt amp]]"

and in the adp:

  <a href="@url;noquote@">

My suggestion was to replace the last line with just

  <a href="@url@">

Please tell me how this should be "fixed using the new style".

Posted by Tom Jackson on

Well, in general it looks like RFC 2396 covers the issue. From section 2.4.2. "When to Escape and Unescape":

   A URI is always in an "escaped" form, since escaping or unescaping a
   completed URI might change its semantics.  Normally, the only time
   escape encodings can safely be made is when the URI is being created
   from its component parts; each component may have its own set of
   characters that are reserved, so only the mechanism responsible for
   generating or interpreting that component can determine whether or
   not escaping a character will change its semantics. Likewise, a URI
   must be separated into its components before the escaped characters
   within those components can be safely decoded.

"HTML Quoting" and "url escaping" are two different things. You can't quote components of a url, and definitely not the entire url. The & is a reserved separator, and I think the new one is the ';' semi-colon. Probably the old one, when used in an HTML page, needs to be quoted?
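
The two layers discussed in this thread, as an added Python example that is not part of any post and is not OpenACS code: components are URL-escaped while the URL is built, and the finished URL is HTML-quoted once when it goes into the href attribute. The names build_url, href_attr and browser_view are hypothetical, the label parameter is constructed sample input, and html.unescape is assumed here as a stand-in for a browser that decodes "&amp" without a trailing semicolon.

```python
import html
from urllib.parse import urlencode, parse_qs, urlsplit


def build_url(path, params):
    """URL-escape each component while the URI is assembled (RFC 2396, 2.4.2)."""
    return f"{path}?{urlencode(params)}"


def href_attr(url, quote_html):
    """Embed a finished URL in an href; quote_html=False mimics @url;noquote@."""
    value = html.escape(url, quote=True) if quote_html else url
    return f'<a href="{value}">'


def browser_view(tag):
    """Model a lenient HTML parser: decode entities in the attribute value,
    then return the query variables the server would receive."""
    raw = tag[len('<a href="'):-len('">')]
    url = html.unescape(raw)  # assumption: stands in for browser entity decoding
    return parse_qs(urlsplit(url).query)


# Constructed sample input: the thread's volt/amp pair plus a value containing "&".
URL = build_url("calculate-resistance",
                {"volt": 2, "amp": 3, "label": "R1 & R2"})

if __name__ == "__main__":
    for quoted in (False, True):
        tag = href_attr(URL, quoted)
        print(tag)
        print("  server receives:", browser_view(tag))
```
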