[dev] Re: [cvs] commit: imp compose.php
Jason M. Felice
jfelice at cronosys.com
Wed Dec 1 06:59:58 PST 2004
On Wed, Dec 01, 2004 at 03:35:47PM +0100, Jan Schneider wrote:
> Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
>
> >On Wed, Dec 01, 2004 at 01:23:01AM +0100, Jan Schneider wrote:
> >>Zitat von "Jason M. Felice" <jfelice at cronosys.com>:
> >>
> >>>On Tue, Nov 30, 2004 at 11:33:22PM +0100, Jan Schneider wrote:
> >>>>Zitat von Jason Felice <jfelice at cronosys.com>:
> >>>>
> >>>>>eraserhd 2004-11-30 10:41:43 PST
> >>>>>
> >>>>> Modified files:
> >>>>> . compose.php
> >>>>> Log:
> >>>>> * Don't encode mailbox return URLs used in header().
> >>>>
> >>>>URLs being called through javascript must not be encoded either. It
> >>looks
> >>>>like you don't need the $encode parameter at all. Well maybe for future
> >>>>usage.
> >>>
> >>>How would they not need to be encoded? They still have to be valid
> >>>XHTML, no?
> >>>
> >>>Like '<body onload="javascript:window.location =
> >>>'http://example.com?foo=1&bar=2';" />' would be invalid, right?
> >>
> >>I'm not sure right now about javascript in html attributes, but I was
> >>talking about javascript in <script> tags. I must admit that I didn't look
> >>at the code closely, I just saw that some javascript was affected by your
> >>patch.
> >
> >Shouldn't XHTML also be valid XML? Some of the stuff I'm doing locally
> >uses XSLT on the produced XHTML, and I don't think a lone '&' is valid
> >in XML character data (although I think it might be accepted for the XHTML
> >transitional DTD).
>
> Exactly. That's why you sometime need to put javascript in CDATA sections
> inside <script> tag if it contains an ampersand. And javascript doesn't
> decode URLs, for example passed to window.location.
Aha! So in a <!CDATA[[[ ]]]> section, we need to not encode the URL. I
wasn't aware we were using any, but now I'll pay attention. :)
--
Jason M. Felice
Cronosys, LLC <http://www.cronosys.com/>
216.221.4600 x302
More information about the dev
mailing list