[dev] Re: [cvs] commit: imp compose.php

Jan Schneider jan at horde.org
Wed Dec 1 06:35:47 PST 2004


Zitat von "Jason M. Felice" <jfelice at cronosys.com>:

> On Wed, Dec 01, 2004 at 01:23:01AM +0100, Jan Schneider wrote:
>> Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
>>
>> >On Tue, Nov 30, 2004 at 11:33:22PM +0100, Jan Schneider wrote:
>> >>Zitat von Jason Felice <jfelice at cronosys.com>:
>> >>
>> >>>eraserhd    2004-11-30 10:41:43 PST
>> >>>
>> >>>  Modified files:
>> >>>    .                    compose.php
>> >>>  Log:
>> >>>  * Don't encode mailbox return URLs used in header().
>> >>
>> >>URLs being called through javascript must not be encoded either. It looks
>> >>like you don't need the $encode parameter at all. Well maybe for future
>> >>usage.
>> >
>> >How would they not need to be encoded?  They still have to be valid
>> >XHTML, no?
>> >
>> >Like '<body onload="javascript:window.location =
>> >'http://example.com?foo=1&bar=2';" />' would be invalid, right?
>>
>> I'm not sure right now about javascript in html attributes, but I was
>> talking about javascript in <script> tags. I must admit that I didn't look
>> at the code closely, I just saw that some javascript was affected by your
>> patch.
>
> Shouldn't XHTML also be valid XML?  Some of the stuff I'm doing locally
> uses XSLT on the produced XHTML, and I don't think a lone '&' is valid
> in XML character data (although I think it might be accepted for the XHTML
> transitional DTD).

Exactly. That's why you sometime need to put javascript in CDATA sections
inside <script> tag if it contains an ampersand. And javascript doesn't
decode URLs, for example passed to window.location.

Jan.

-- 
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/


More information about the dev mailing list