[
https://issues.apache.org/jira/browse/COUCHDB-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gabriel Farrell updated COUCHDB-948:
------------------------------------
Attachment: noUriEncode.diff
Okay, I won't open this issue again, but I really disagree with the fix here.
By dropping the encodeURIcomponent we aren't allowing arbitrary characters.
They're already properly HTML escaped by jQuery's .text() method. Try it!
Remove the encodeURIcomponent from the displayed text, create a document with
ID "<i>foo</i>", and view the breadcrumb. All of the dangerous characters are
escaped as they should be.
Why force people to look at URI-encoded versions of their doc IDs in the
breadcrumbs? Say I'm using telephone numbers for IDs, as mentioned in the
CouchDB book, but I'm using the international prefix and spaces between number
groups: "+1 510 238 8777" becomes "%2B1%20510%20238%208777". This makes Futon
look like it was designed by people who didn't know better.
The slash-replacing technique makes for some odd cases as well. Say I'm using a
file-system layout for my doc IDs. In the breadcrumbs, "/home/foo/bar" becomes
"/home%2Ffoo%2Fbar" because only the first slash is replaced. We shouldn't
design the interface around the narrow case of design doc IDs.
True, doc IDs need to be URI encoded when sent as a URL parameter, but that
applies to any doc keys we send in queries to CouchDB. Does it make sense for
Futon to display in URI-encoded format everything that might be sent as a URL
parameter? Of course not. That's why keys are only HTML escaped.
In the breadcrumbs we should follow the same pattern as the doc listing on the
database page. The href attribute is URI encoded while the displayed text is
HTML escaped. My attached patch does this.
Also, I noticed the breadcrumb link to a database on its own database page is
still not URI encoded. Create a database called "foo/users" and click on that
link to see the problem. There's no need to link back to the database on its
own page, however. It can just be HTML escaped within the <strong> tag, as we
do for the document on its page. Problem solved. This fix is also in the
attached patch.
> Breadcrumb doesn't need to be URI encoded
> -----------------------------------------
>
> Key: COUCHDB-948
> URL: https://issues.apache.org/jira/browse/COUCHDB-948
> Project: CouchDB
> Issue Type: Bug
> Components: Futon
> Affects Versions: 1.1
> Reporter: Gabriel Farrell
> Priority: Trivial
> Fix For: 1.0.2, 1.1
>
> Attachments: noEncode.diff, noUriEncode.diff
>
>
> Introduced by github commit 871e2617 on 2010-11-02. When I go to the design
> doc "foo" for db "bob", breadcrumbs/nav shows "Overview > bob >
> _design%2Ffoo" when it should be "Overview > bob > _design/foo".
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
