[Seaside] Re: [Swazoo-devel] Swazoo bugs that can affect Seaside
Randal L. Schwartz
merlyn at stonehenge.com
Wed Aug 3 22:04:01 UTC 2011
>>>>> "Dale" == Dale Henrichs <dhenrich at vmware.com> writes:
Dale> The first bug is in SwazooURI where the query fields in an URL
Dale> will be incorrectly parsed if an `&` or other special character is
Dale> embedded in the value of the field. The following example
Dale> illustrates the bug:
That's not a bug. There's no particular specialness of single or double
quotes in a URI.
So
example.com/xyz?foo=1&bar=2&bletch="foo&bar"
is actually ill-formed. It's quite possible that the parameters will
end up:
foo 1
bar 2
bletch "foo
bar" (null)
If you want & inside a GET parameter, you have to %-encode it.
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.posterous.com/ for Smalltalk discussion
More information about the seaside
mailing list