* Larry Leszczynski <lar...@emailplus.org> [2014-12-04 21:35]: > On Thu, Dec 4, 2014, at 12:41 PM, Trevor Leffler wrote: > > This is a typical use: > > > > <link href="[% c.uri_for('/static/css/my_style.css') | html %]" > > rel="stylesheet"> > > Assuming you're using Template Toolkit, you should use the "url" > filter, not the "html" filter: > > <link href="[% c.uri_for('/static/css/my_style.css') | url %]" > rel="stylesheet">
No. First, if $c->uri_for gives you a URI which isn’t already correctly URI-encoded, then it has a bug which should be reported. And if it does give you correctly encoded URIs, as it should and probably does, then re-encoding them will break any already-encoded parts. Second, you are outputting URIs into HTML content, and URIs can contain verbatim things that are metacharacters in HTML, such as ampersands. Those need to be entity-escaped for HTML. If you aren’t doing that, then you are producing broken HTML. So what you are directing Trevor to do is broken – and not just once but twice. In practice, URIs that require escaping are uncommon and browsers go to enormous lengths to understand broken HTML (and unescaped ampersands in URIs are a very common problem), so you can go for a long time without running these problems. But that code is still broken, and broken twice, nonetheless. Regards, -- Aristotle Pagaltzis // <http://plasmasturm.org/> _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/