Item8924: added URL encoding to values passed via meta to JS. There a…

…re two important changes here that need careful consideration. First, because foswiki.PREFERENCE values are now URL encoded, anything that bypasses foswiki.getPreference and uses foswiki.getMetaTag (or similar) to retrieve a preference value from EXPORTEDPREFERENCES needs to decode the value. Second, in order to support this I needed a proper URL encoding, but found that ENCODE doesn't provide one. After some detailed examination of the history of <br> encoding (which stretches back to a checkin in early 2001), I couldn't find any rational reason for it, other than sloppy coding. I have removed it, which means that newlines will now be encoded using the normal URL encoding. There's a chance this may impact a wiki application, but TBH I think it's the lesser of the evils to fix this poisonous legacy now. If people disagree, then the alternative is to add a type=uri that does a proper encoding.

git-svn-id: http://svn.foswiki.org/trunk@7694 0b4bb1d4-4e5a-0410-9cc4-b2b747904278

JQueryPlugin/pub/System/JQueryPlugin/plugins/foswiki/jquery.foswiki.uncompressed.js

@@ -60,6 +60,7 @@ if (foswiki.preferences === undefined) {
     // Check for a preference passed in a meta tag (this is the classical method)
     var metaVal = $("meta[name=foswiki."+key+"]").attr("content");
     if (metaVal !== undefined) {
+      metaVal = unescape(metaVal);
       // Cache it for future reference
       foswiki.preferences[key] = metaVal;
       return metaVal;

core/lib/Foswiki/Macros/ENCODE.pm

@@ -71,7 +71,12 @@ sub ENCODE {
         return $text;
     }
     elsif ( $type =~ /^url$/i ) {
-        $text =~ s/\r*\n\r*/<br \/>/;    # Legacy.
+        # This is legacy, stretching back to 2001. Checkin comment was:
+        # "Fixed URL encoding". At that time it related to the encoding of
+        # parameters to the "oops" script exclusively. I'm taking it out
+        # because I can't see any situation in which it might have been
+        # used in anger.
+        # $text =~ s/\r*\n\r*/<br \/>/;
         return urlEncode($text);
     }
     elsif ( $type =~ /^(off|none)$/i ) {

core/pub/System/JavascriptFiles/foswikilib_src.js

@@ -45,7 +45,7 @@ foswiki.getMetaTag = function(inKey) {
         for (var i = 0; i < head.length; i++) {
             if (head[i].tagName != null &&
                 head[i].tagName.toUpperCase() == 'META') {
-                foswiki.metaTags[head[i].name] = head[i].content;
+                foswiki.metaTags[head[i].name] = unescape(head[i].content);
             }
         }
     }
@@ -86,16 +86,17 @@ foswiki.getPreference = function(key, useServer) {
         if (foswiki.preferences === undefined) {
             foswiki.preferences = {};
         }
-        foswiki.preferences[key] = metaVal;
+        foswiki.preferences[key] = unescape(metaVal);
         return metaVal;
     }
 
     // Use AJAX to get a preference value from the server. This requires
     // a lot of context information to be passed to the server, and a REST
     // handler on the server, so has not been implemented yet.
     if (useServer) {
-        window.alert("Trying to get preference '" + key + "' from server, but " + 
-              "this feature is not implemented yet.");
+        window.alert("Trying to get preference '" + key
+                     + "' from server, but " + 
+                     "this feature is not implemented yet.");
     }
     return null;
 };

core/templates/foswiki.tmpl

@@ -16,7 +16,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="%LANG%" lang="%LANG%">%TMPL:END%
 
 %TMPL:DEF{"meta:preferences"}%%FOREACH{"%EXPORTEDPREFERENCES%" 
-  format="<meta name='foswiki.$topic' content='$percnt$topic$percnt' />"
+  format="<meta name=\"foswiki.$topic\" content=\"$percntENCODE{\"$percnt$topic$percnt\"}$percnt\" /><!--$topic-->"
   separator="
 "
 }%