Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should & in urls be &? #1124

Closed
pachico opened this issue Aug 28, 2012 · 3 comments
Closed

Should & in urls be &? #1124

pachico opened this issue Aug 28, 2012 · 3 comments

Comments

@pachico
Copy link

pachico commented Aug 28, 2012

Php's dom class allows you to parse an entire DOM using the loadHTML method and check for errors.
Interesting, since you could inject any (x)html response of your main controller (or controller templates) and append to the log any validation issues in development environment.
This way you can always have control over the dom.
So far, so good.

However, Uri:create(), when get params are added creates a url like this:
script?foo=bar&foo1=bar1
This, in most validators, is wrong, including php DOM class, since it should be:
script?foo=bar&foo1=bar1

Please, read http://htmlhelp.com/tools/validator/problems.html

Now, would it be interesting to transform & to & in Uri::create and avoid validation problems?
Would that have collateral implications?

(Please, don't reply things already written in the url I posted above).

Cheers
@dudeami
Copy link
Contributor

dudeami commented Sep 13, 2012

The behavior you noted is expected, and you'll notice you'll get similar results with Html::anchor(). The reason Uri::create() gives out a url that is not safe for HTML is two-fold. First off, you may not know what the URL is being used for, and certainly can't assume its in HTML. The next reason is because of the way Views work, filtering the variables before they get used. I wrote up an example of how this works, and how to get the results you expect.

public function action_anchors() {
    $params = array(
        'foo' => 'bar',
        'ampersand' => '&&&'
    );

    $url = Uri::create('http://fuelphp.com/', array(), $params);
    // Output: http://fuelphp.com/?q=Ampersand&ampersand=%26%26%26

    // This will render incorrectly in a view, or just be invalid HTML.
    $anchor = Html::anchor($url, 'FuelPHP.com');
    // Output: <a href="http://fuelphp.com/?q=Ampersand&ampersand=%26%26%26">FuelPHP.com</a>"

    // Setup data for view
    $data = array(
        'url' => $url,
        'anchor' => $anchor
    );

    return Response::forge(View::forge('test/anchor', $data));
}

Output of the view:

    <a href="http://fuelphp.com/?foo=bar&amp;ampersand=%26%26%26">FuelPHP.com</a>
    <a href="http://fuelphp.com/?foo=bar&amp;ampersand=%26%26%26">FuelPHP.com</a>
    &lt;a href=&quot;http://fuelphp.com/?foo=bar&amp;ampersand=%26%26%26&quot;&gt;FuelPHP.com&lt;/a&gt

Contents of APPPATH/views/test/anchor.php:

    <a href="<?php echo $url; ?>">FuelPHP.com</a>
    <?php echo Html::anchor($url, 'FuelPHP.com')."\n"; ?>
    <?php echo $anchor; ?>

Explaination of code:

The first function is Uri::create(). This works as expected, doing a urlencode() on the name-value pairs.

Now, you have a url in $url that is not ready for HTML. The next line of code creates an anchor, but this will either be invalid HTML, or will become totally escaped in a view (See line #3 of output).

The way you get a valid HTML anchor is by either echoing it in plain HTML (line #1 of output and view code) or using the Html::anchor() method and echoing the results of that inside the view (line #2 of output and view code).

@WanWizard
Copy link
Member

I have nothing more to add to this response.

@pachico
Copy link
Author

pachico commented Oct 25, 2012

I agree, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dudeami @WanWizard @pachico