On ampersands in query strings (was: HTML entities in URLs and urlencoding)

[Aristotle Pagaltzis]

* Waylan Limberg <[EMAIL PROTECTED]> [2008-04-01 03:50]:
> As far as I can tell, the "&" breaks the query string.

No, it doesn’t, as you found out.

However, on a tangential note: if you write web apps, *please*
make sure that you support the semicolon as a query parameter
separator as well as the ampersand:

http://www.w3.org/TR/html4/appendix/notes.html#h-B.2.2

More importantly, please **please** make sure that the URIs your
code generates use semicolons rather than ampersands. Semicolons
need not be escaped in HTML and XML, which makes copy-pasting
users much less likely to produce invalid markup regardless of
the context they’re working in.

Even though this W3C recommendation is over a decade old, use of
ampersands in query strings persists. (In fact, PHP not only does
not emit URIs with semicolon-separated query strings, by default
it cannot even parse them! You need to set an unbreak-me config
option to make it recognise the semicolon.)

Regards,
-- 
Aristotle Pagaltzis // 
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: HTML entities in URLs and urlencoding

[Waylan Limberg]

On Mon, Mar 31, 2008 at 9:53 PM, Milian Wolff <[EMAIL PROTECTED]> wrote:
[snip]
>
>  > > So the "&" must not be escaped!
>
>  It must! See also 
>

Doh'! I knew that. Of course, I just typed a url with an & in my
address bar and it didn't work. Now I feel like an idiot. Thanks for
bringing me back.


-- 

Waylan Limberg
[EMAIL PROTECTED]
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: HTML entities in URLs and urlencoding

[Milian Wolff]

Am Dienstag, 1. April 2008 schrieb Waylan Limberg:
> We recently received the following bug report for the python-markdown
>
> implementation:
> > The "&" are escaped in URLs.
> >
> > An example:
> > [Link](http://www.site.com/?param1=value1¶m2=value1)
> >
> > Should output:
> > http://www.site.com/?param1=value1¶m2=value1";>Link

No it shouldn't. This is invalid (x)HTML.

> > Currently outputs:
> >  > href="http://www.site.com/?param1=value1¶m2=value1";>Link

Which is valid (x)HTML!

> > So the "&" must not be escaped!

It must! See also 



-- 
Milian Wolff
http://milianw.de
OpenPGP key: CD1D1393


signature.asc
Description: This is a digitally signed message part.
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

HTML entities in URLs and urlencoding

[Waylan Limberg]

We recently received the following bug report for the python-markdown
implementation:

> The "&" are escaped in URLs.
>
> An example:
> [Link](http://www.site.com/?param1=value1¶m2=value1)
>
> Should output:
> http://www.site.com/?param1=value1¶m2=value1";>Link
>
> Currently outputs:
> http://www.site.com/?param1=value1¶m2=value1";>Link
>
> So the "&" must not be escaped!

A fix is easy, but it occurred to me that perhaps links should be
urlencoded -- at least some chars should be. Specifically the "unsafe"
chars listed in RFC 1738 [1]. The "reserved" chars probably should too
when not used in their approved manner (i.e.: A colon should only be
allowed after the scheme (http://) or in the location
(usr:[EMAIL PROTECTED]:port) but should be encoded anywhere else). Of course,
that involves extra work. So I went to check what other
implementations do [2] and discovered that every one escapes with html
entities. Is there something I'm missing or is this a bug? As far as I
can tell, the "&" breaks the query string.

[1]: http://www.rfc-editor.org/rfc/rfc1738.txt
[2]: 
http://babelmark.bobtfish.net/?markdown=%5BLink%5D%28http%3A%2F%2Fwww.site.com%2F%3Fparam1%3Dvalue1%26param2%3Dvalue1%29&normalize=on&src=1&dest=2
-- 

Waylan Limberg
[EMAIL PROTECTED]
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: a JavaScript front-end for Babelmark

[John Fraser]

On Mar 25, 2008, at 6:48 PM, Milian Wolff wrote:

Am Dienstag, 25. März 2008 schrieb John Fraser:

I've built a quick-and-dirty diff GUI for Babelmark (thanks,
Michel!).  You can get it as a bookmarklet here:

http://attacklab.net/babelmark/


Great, what about grouping by output? So that one can easily see which
implementations agree on the output.


I've updated my bookmarklet to color the left column by group.  Try it  
out (on Michel's version of Babelmark), and if nobody tells me it  
sucks then I'll send along the new version to Tom and Michel.


Thanks,
John
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: a JavaScript front-end for Babelmark

[John Fraser]

Oops, I just realized I've been missing about half of the messages on  
Markdown-discuss ever since I switched servers last week. Should be  
fixed now.


But Michel, I'm sorry I missed this:

http://six.pairlist.net/pipermail/markdown-discuss/2008-March/001230.html

As I told Tom, I'd like a couple of hooks in the HTML to make things  
more robust.  And it would make sense to move a few hard-coded styles  
into your CSS file.  I'll email you and Tom directly about this.


___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: a JavaScript front-end for Babelmark

[John Fraser]

On Mar 31, 2008, at 9:04 AM, Tomas Doran wrote:

On 31 Mar 2008, at 12:03, Michel Fortin wrote:

Le 2008-03-31 à 3:35, Tomas Doran a écrit :
I've just stolen your code and plugged it into my mirror of  
Babelmark, looks really awesome!
I think it'd be a little better if the compare checkbox was off by  
default however.

Totally agree about the compare checkbox..


That's great!  Thanks Tom.

I agree about the checkbox (I only set it to "on" for the  
bookmarklet).  You can change it in babelmark.js:


var compare = getFormParam("compare","on");

Just change that to "off".  It ought to keep track of your setting  
through a submit.


My code uses some convoluted jQuery selectors to find elements, so  
it's likely to break if the HTML changes much.  If that's likely, we  
might want to sprinkle in a couple of id's to give it more to hold on  
to.  But that probably only makes sense if both Michael and Tom are  
into it, since I assume you don't want your versions to diverge too  
much.


- John
___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: a JavaScript front-end for Babelmark

[Tomas Doran]

On 31 Mar 2008, at 12:03, Michel Fortin wrote:

Le 2008-03-31 à 3:35, Tomas Doran a écrit :

I've just stolen your code and plugged it into my mirror of  
Babelmark, looks really awesome!


I've also just re-jigged servers, so ruby, Java and Pandoc have  
been broken on my mirror over most of the weekend. I've fixed this  
now.


http://babelmark.bobtfish.net/?markdown=*This+**is+a 
+test*.&normalize=on


Great.

I think it'd be a little better if the compare checkbox was off by  
default however. And that sentence may need revisiting:


With Javascript diffing Copyright © 20048 by John Fraser



Totally agree about the compare checkbox.. And hehe - you're correct,  
that's what I get for picking up the laptop before getting to work  
(or caffeine) in the morning..


I'll look at both of these later today.

Cheers
Tom

___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: a JavaScript front-end for Babelmark

[Michel Fortin]

Le 2008-03-31 à 3:35, Tomas Doran a écrit :

I've just stolen your code and plugged it into my mirror of  
Babelmark, looks really awesome!


I've also just re-jigged servers, so ruby, Java and Pandoc have been  
broken on my mirror over most of the weekend. I've fixed this now.


http://babelmark.bobtfish.net/?markdown=*This+**is+a+test*.&normalize=on


Great.

I think it'd be a little better if the compare checkbox was off by  
default however. And that sentence may need revisiting:


With Javascript diffing Copyright © 20048 by John Fraser


Michel Fortin
[EMAIL PROTECTED]
http://michelf.com/


___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss

Re: a JavaScript front-end for Babelmark

[Tomas Doran]

On 25 Mar 2008, at 22:54, John Fraser wrote:

On Mar 25, 2008, at 6:48 PM, Milian Wolff wrote:

Great, what about grouping by output? So that one can easily see  
which

implementations agree on the output.


Good idea; I've been noticing that the implementations tend to  
break into the same two groups on lots of edges cases.  I might do  
that with color coding, to keep the UI minimal -- I'll try that out  
tomorrow night and see how it feels.


By the way, if anyone's being redirected back to http:// 
attacklab.net/ when they try to view the page, it's because I just  
switched servers and it's percolating.  Try again later.


I've just stolen your code and plugged it into my mirror of  
Babelmark, looks really awesome!


I've also just re-jigged servers, so ruby, Java and Pandoc have been  
broken on my mirror over most of the weekend. I've fixed this now.


http://babelmark.bobtfish.net/?markdown=*This+**is+a+test*.&normalize=on

Cheers
Tom



___
Markdown-Discuss mailing list
Markdown-Discuss@six.pairlist.net
http://six.pairlist.net/mailman/listinfo/markdown-discuss