[ https://issues.apache.org/jira/browse/COUCHDB-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gabriel Farrell updated COUCHDB-948: ------------------------------------ Attachment: noUriEncode.diff Okay, I won't open this issue again, but I really disagree with the fix here. By dropping the encodeURIcomponent we aren't allowing arbitrary characters. They're already properly HTML escaped by jQuery's .text() method. Try it! Remove the encodeURIcomponent from the displayed text, create a document with ID "<i>foo</i>", and view the breadcrumb. All of the dangerous characters are escaped as they should be. Why force people to look at URI-encoded versions of their doc IDs in the breadcrumbs? Say I'm using telephone numbers for IDs, as mentioned in the CouchDB book, but I'm using the international prefix and spaces between number groups: "+1 510 238 8777" becomes "%2B1%20510%20238%208777". This makes Futon look like it was designed by people who didn't know better. The slash-replacing technique makes for some odd cases as well. Say I'm using a file-system layout for my doc IDs. In the breadcrumbs, "/home/foo/bar" becomes "/home%2Ffoo%2Fbar" because only the first slash is replaced. We shouldn't design the interface around the narrow case of design doc IDs. True, doc IDs need to be URI encoded when sent as a URL parameter, but that applies to any doc keys we send in queries to CouchDB. Does it make sense for Futon to display in URI-encoded format everything that might be sent as a URL parameter? Of course not. That's why keys are only HTML escaped. In the breadcrumbs we should follow the same pattern as the doc listing on the database page. The href attribute is URI encoded while the displayed text is HTML escaped. My attached patch does this. Also, I noticed the breadcrumb link to a database on its own database page is still not URI encoded. Create a database called "foo/users" and click on that link to see the problem. There's no need to link back to the database on its own page, however. It can just be HTML escaped within the <strong> tag, as we do for the document on its page. Problem solved. This fix is also in the attached patch. > Breadcrumb doesn't need to be URI encoded > ----------------------------------------- > > Key: COUCHDB-948 > URL: https://issues.apache.org/jira/browse/COUCHDB-948 > Project: CouchDB > Issue Type: Bug > Components: Futon > Affects Versions: 1.1 > Reporter: Gabriel Farrell > Priority: Trivial > Fix For: 1.0.2, 1.1 > > Attachments: noEncode.diff, noUriEncode.diff > > > Introduced by github commit 871e2617 on 2010-11-02. When I go to the design > doc "foo" for db "bob", breadcrumbs/nav shows "Overview > bob > > _design%2Ffoo" when it should be "Overview > bob > _design/foo". -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.