Forum OpenACS Development: Re: ad_quotehtml speed improvement
Now if someone wants to submit a patch to force export_vars to quote "&" we can take a look at it, but in practice I can't imagine any browser on the planet enforcing the standard in this regard ...
On the contrary - ALL my installed browsers (Opera, Mozilla, Internet Explorer) have problems with the unquoted URL I gave:<a href="calculate-resistance?volt=2&=3">
But since export_vars has a -quotehtml AND the tempalting system now quotes by default, I don't really see the need for the patch you describe ...
But the & in your url isn't html, it is just and old style of joining vars. Shouldn't the urls be fixed by using the new style, instead of quoting?
In tcl file
set volt 2
set amp 3
set url "calculate-resistance?[export_vars [list volt amp]]"
and in the adp:
My suggestion was to replace the last line with just
Please tell me how this should be "fixed using the new style".
Well, in general it looks like rfc 2396 covers the issue. From section 2.4.2. "When to Escape and Unescape":
A URI is always in an "escaped" form, since escaping or unescaping a completed URI might change its semantics. Normally, the only time escape encodings can safely be made is when the URI is being created from its component parts; each component may have its own set of characters that are reserved, so only the mechanism responsible for generating or interpreting that component can determine whether or not escaping a character will change its semantics. Likewise, a URI must be separated into its components before the escaped characters within those components can be safely decoded.
"HTML Quoting" and "url escaping" are two different things. You can't quote components of a url, and definitely not the entire url. The & is a reserved separator, and I think the new one is the ';' semi-colon. Probably the old one, when used in an HTML page needs to be quoted?