On 2011/04/12 01:14:10, xtof wrote:
On Mon, Apr 11, 2011 at 17:54, <t.bro...@gmail.com> wrote:
> Note that the CSS spec talks about using '\(', not '\028'. I however > have absolutely no idea how well this is supported by browsers. > I think I read somewhere that this doesn't work in IE (which seems to interpret \ literally in URLs because windows users keep typing things
like
http:\\example.com\ into URL bars). I should test this...
That's required for web compat' http://tools.ietf.org/html/draft-ietf-iri-3987bis-05#section-7.2 A quick test in IE8 confirms that it correctly parsed "\" as an escape though: body { background: url('http://www.google.com/images/logos/ps_logo2.png\'\(\)'); } doesn't display the image, and shows with value "url(http://www.google.com/images/logos/ps_logo2.png'())" in the IE8 Developer Tools (which we all know is bad at serializing its internal values). I tried with and without the enclosing single quotes. I've rebased my working copy on the latest trunk, with the SafeStyles change. I'll correctly merge/integrate my changes in and re-test. Maybe I'll add the URL-escaping too (though for the CSS context, given the above quick-test, I'll probably rather \-escape). I'll see if we can add a check in UriUtils.fromTrustedString that it only contains "valid URI chars". If it ever happens to take a bit more time than "acceptable", though, I'll put TODOs instead, as these are rather edge cases anyway. http://gwt-code-reviews.appspot.com/1380806/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors