[dev] Re: [cvs] commit: imp compose.php

Jason M. Felice jfelice at cronosys.com
Wed Dec 1 06:17:58 PST 2004


On Wed, Dec 01, 2004 at 01:23:01AM +0100, Jan Schneider wrote:
> Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
> 
> >On Tue, Nov 30, 2004 at 11:33:22PM +0100, Jan Schneider wrote:
> >>Zitat von Jason Felice <jfelice at cronosys.com>:
> >>
> >>>eraserhd    2004-11-30 10:41:43 PST
> >>>
> >>>  Modified files:
> >>>    .                    compose.php
> >>>  Log:
> >>>  * Don't encode mailbox return URLs used in header().
> >>
> >>URLs being called through javascript must not be encoded either. It looks
> >>like you don't need the $encode parameter at all. Well maybe for future
> >>usage.
> >
> >How would they not need to be encoded?  They still have to be valid
> >XHTML, no?
> >
> >Like '<body onload="javascript:window.location = 
> >'http://example.com?foo=1&bar=2';" />' would be invalid, right?
> 
> I'm not sure right now about javascript in html attributes, but I was
> talking about javascript in <script> tags. I must admit that I didn't look
> at the code closely, I just saw that some javascript was affected by your
> patch.

Shouldn't XHTML also be valid XML?  Some of the stuff I'm doing locally
uses XSLT on the produced XHTML, and I don't think a lone '&' is valid
in XML character data (although I think it might be accepted for the XHTML
transitional DTD).

> 
> Jan.
> 
> -- 
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
> 
> -- 
> Horde developers mailing list - Join the hunt: http://horde.org/bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org

-- 
 Jason M. Felice
 Cronosys, LLC <http://www.cronosys.com/>
 216.221.4600 x302


More information about the dev mailing list