[dev] Re: [cvs] commit: imp compose.php
Jan Schneider
jan at horde.org
Tue Nov 30 16:23:01 PST 2004
Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
> On Tue, Nov 30, 2004 at 11:33:22PM +0100, Jan Schneider wrote:
>> Zitat von Jason Felice <jfelice at cronosys.com>:
>>
>> >eraserhd 2004-11-30 10:41:43 PST
>> >
>> > Modified files:
>> > . compose.php
>> > Log:
>> > * Don't encode mailbox return URLs used in header().
>>
>> URLs being called through javascript must not be encoded either. It looks
>> like you don't need the $encode parameter at all. Well maybe for future
>> usage.
>
> How would they not need to be encoded? They still have to be valid
> XHTML, no?
>
> Like '<body onload="javascript:window.location =
> 'http://example.com?foo=1&bar=2';" />' would be invalid, right?
I'm not sure right now about javascript in html attributes, but I was
talking about javascript in <script> tags. I must admit that I didn't look
at the code closely, I just saw that some javascript was affected by your
patch.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the dev
mailing list