Forum OpenACS Development: Re: ad_quotehtml speed improvement

Collapse
Posted by Tom Jackson on

Well, in general it looks like rfc 2396 covers the issue. From section 2.4.2. "When to Escape and Unescape":

   A URI is always in an "escaped" form, since escaping or unescaping a
   completed URI might change its semantics.  Normally, the only time
   escape encodings can safely be made is when the URI is being created
   from its component parts; each component may have its own set of
   characters that are reserved, so only the mechanism responsible for
   generating or interpreting that component can determine whether or

   not escaping a character will change its semantics. Likewise, a URI
   must be separated into its components before the escaped characters
   within those components can be safely decoded.

"HTML Quoting" and "url escaping" are two different things. You can't quote components of a url, and definitely not the entire url. The & is a reserved separator, and I think the new one is the ';' semi-colon. Probably the old one, when used in an HTML page needs to be quoted?