[dev] Re: [cvs] commit: imp compose.php
Jason M. Felice
jfelice at cronosys.com
Wed Dec 1 06:17:58 PST 2004
On Wed, Dec 01, 2004 at 01:23:01AM +0100, Jan Schneider wrote:
> Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
>
> >On Tue, Nov 30, 2004 at 11:33:22PM +0100, Jan Schneider wrote:
> >>Zitat von Jason Felice <jfelice at cronosys.com>:
> >>
> >>>eraserhd 2004-11-30 10:41:43 PST
> >>>
> >>> Modified files:
> >>> . compose.php
> >>> Log:
> >>> * Don't encode mailbox return URLs used in header().
> >>
> >>URLs being called through javascript must not be encoded either. It looks
> >>like you don't need the $encode parameter at all. Well maybe for future
> >>usage.
> >
> >How would they not need to be encoded? They still have to be valid
> >XHTML, no?
> >
> >Like '<body onload="javascript:window.location =
> >'http://example.com?foo=1&bar=2';" />' would be invalid, right?
>
> I'm not sure right now about javascript in html attributes, but I was
> talking about javascript in <script> tags. I must admit that I didn't look
> at the code closely, I just saw that some javascript was affected by your
> patch.
Shouldn't XHTML also be valid XML? Some of the stuff I'm doing locally
uses XSLT on the produced XHTML, and I don't think a lone '&' is valid
in XML character data (although I think it might be accepted for the XHTML
transitional DTD).
>
> Jan.
>
> --
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
>
> --
> Horde developers mailing list - Join the hunt: http://horde.org/bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
--
Jason M. Felice
Cronosys, LLC <http://www.cronosys.com/>
216.221.4600 x302
More information about the dev
mailing list