Re: [htdig3-dev] Use of & as CGI variable separator vs. HTML 4.0

Fri, 16 Apr 1999 09:31:11 -0700 


According to Budd, S.:
> > From:       Gilles Detillieux [SMTP:[EMAIL PROTECTED]]
> > According to Torsten Neuer:
> > > According to Gilles Detillieux:
> > > >They also recommend using ";" as an alternate separator, so we should
> > > >also handle
> > > >
> > > >?x=1;y=2
> > > >and use this in Display::createURL(), if we're to follow their
> > > >recommendations.  Does anyone see a problem with using a semicolon in
> > > >this manner?
> > > 
> > > I disagree with that since AFAIK a semicolon does not necessarily need
> > > to be url-encoded.
> > > Could cause trouble if a semicolon is part of a parameter.
> > 
>       till now we could not use  &  as part of a parameter? 

I believe you're right!  I was assuming that parameters were getting
URL-encoded individually, and any "&" within a parameter got encoded
to "%26" before it got appended to the query string.  That's not
how Display::createURL() currently functions.  It concatenates all
parameter strings, separated by "&", then encodes the whole string without
changing the ampersands.  So, any "&" within a parameter would cause that
parameter to be truncated at that point when it's re-read as input in
a subsequent search.  The CGI input handling code does it correctly.
It separates out the individual variables from the query string, and
decodes only the value of each variable.

Display::createURL() really ought to do just the opposite - it should
encode the value of each variable separately, ensuring that any special
characters, including "=" & "&" (and ";" if we use it later), get encoded.
Then it should assemble the query string from these encoded variables,
using whatever separator we choose to standardize on.  The encodeURL()
function allows you to give it a list of valid punctuation as a 2nd
parameter, so it should be easy to change this.  We can then change
htlib/cgi.cc to handle that separator as well as "&".  The vertical bar
"|" gets encoded right now, so if we do the encoding properly, theres no
reason we couldn't allow it as a variable separator too.  We can also
allow "&" or "&" as separators, if we translate SGML entities
before splitting the variables.

-- 
Gilles R. Detillieux              E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930
------------------------------------
To unsubscribe from the htdig3-dev mailing list, send a message to
[EMAIL PROTECTED] containing the single word "unsubscribe" in
the SUBJECT of the message.

Reply via email to