On Thu, Jul 27, 2000 at 01:14:54PM -0700, Randal L. Schwartz wrote:
> >>>>> "Jacob" == Jacob Davies <[EMAIL PROTECTED]> writes:
> 
> Jacob> <A HREF="/somehandler?email=<#EMAIL URLESC>">
> 
> That should actually be both URL escaped *and* HTML escaped if it
> also contains &'s, like the form fields.

When I say URL-escape, I mean do this:

        $str =~ s/([^a-zA-Z0-9_\-.])/ uc sprintf '%%%02x', ord $1 /eg;

Ampersands and quote marks and such can't make it through that.  I think the
Apache::Util::escape_uri does something less than that, and I'm not sure which
is more correct (or even what source would tell me which is more correct).


Now as to ampersands used to separate form fields, like:

        <A HREF="/somehandler?email=jacob%40sfinteractive.com&name=Jacob">

do you mean that it should be:

        <A HREF="/somehandler?email=jacob%40sfinteractive.com&amp;name=Jacob">

instead?  That second one looks better now that I look at it, but I confess
that I invariably use the first one.  I should know better.  I guess that's
not a templating issue though, that's an HTML-coding issue.  I tend not to
generate full URLs in my Perl code, since I can easily interpolate variables
into the value parts of the query string, so I can technically blame the HTML
coders for this one :)

-- 
Jacob Davies
Lead UNIX Engineer
SF Interactive
[EMAIL PROTECTED]
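
The two layers discussed in this thread, as an added example that is not code from either poster: each query-string value is URL-escaped with the substitution quoted above, the pairs are joined with a raw ampersand, and the finished URL is HTML-escaped once for the attribute. The helper names (url_escape, html_escape, build_href), the byte-encoding step and the sample values are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: percent-encode one query-string name or value with the
# substitution from the message above (all but [A-Za-z0-9_.-] becomes %XX).
sub url_escape {
    my ($str) = @_;
    # Added here, not in the original one-liner: encode wide characters to
    # UTF-8 bytes first so every escape is exactly two hex digits.
    utf8::encode($str) if utf8::is_utf8($str);
    $str =~ s/([^a-zA-Z0-9_\-.])/ uc sprintf '%%%02x', ord $1 /eg;
    return $str;
}

# Hypothetical helper: escape text for a double-quoted HTML attribute.
sub html_escape {
    my ($str) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $str =~ s/([&<>"])/$ent{$1}/g;
    return $str;
}

# Hypothetical helper: URL-escape each name and value, join the pairs with a
# raw "&", then HTML-escape the whole URL once for the attribute context.
sub build_href {
    my ($path, @pairs) = @_;
    my @parts;
    while (my ($name, $value) = splice(@pairs, 0, 2)) {
        push @parts, url_escape($name) . '=' . url_escape($value);
    }
    return html_escape($path . '?' . join('&', @parts));
}

# Constructed sample values: the second contains characters that would
# otherwise end the attribute or split the query string.
my $href = build_href('/somehandler',
    email => 'jacob@sfinteractive.com',
    name  => 'Jacob "J&D" <Davies>',
);
print qq{<A HREF="$href">\n};
```

The ampersand inside the name value leaves url_escape as %26, so the only ampersand html_escape rewrites to &amp; is the field separator.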
