Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't use short notatnion arg_separator #691

Closed
wants to merge 1 commit into from
Closed

Don't use short notatnion arg_separator #691

wants to merge 1 commit into from

Conversation

bato3
Copy link

@bato3 bato3 commented Jul 7, 2016

When url is ?foo=&not_foo= browsers interpret it as one value ?foo=¬_foo= --> ?foo=¬_foo=

@bato3
Don't use short notatnion arg_separator
30aa67f 
When url is `?foo=&not_foo=` browsers interpret it as one value `?foo=¬_foo=` --> `?foo=¬_foo=`
@acoulton
Copy link
Member

Hi @bato3, thanks for the pull request. Unfortunately this isn't correct - the URL should originally be returned with the unescaped & separator.

Escaping the & to & is only sometimes appropriate, depending on where you're using the generated URL. For example, you wouldn't want to escape it in a JSON response, a plain-text email, or a Location: redirect header.

You do need to encode URLs in href (or any other) HTML attributes - but in that case there are other characters that may need to be escaped, not just the &. You should use HTML::chars, HTML::anchor or HTML::attributes (or another suitable method) to escape your link attributes for display.

If I've misunderstood the problem you're having, feel free to reopen with more details.

@acoulton acoulton closed this Jul 18, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bato3 @acoulton