couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gabriel Farrell (JIRA)" <j...@apache.org>
Subject [jira] Updated: (COUCHDB-948) Breadcrumb doesn't need to be URI encoded
Date Thu, 18 Nov 2010 06:20:13 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-948?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Gabriel Farrell updated COUCHDB-948:
------------------------------------

    Attachment: noUriEncode.diff

Okay, I won't open this issue again, but I really disagree with the fix here.

By dropping the encodeURIcomponent we aren't allowing arbitrary characters. They're already
properly HTML escaped by jQuery's .text() method. Try it! Remove the encodeURIcomponent from
the displayed text, create a document with ID "<i>foo</i>", and view the breadcrumb.
All of the dangerous characters are escaped as they should be.

Why force people to look at URI-encoded versions of their doc IDs in the breadcrumbs? Say
I'm using telephone numbers for IDs, as mentioned in the CouchDB book, but I'm using the international
prefix and spaces between number groups: "+1 510 238 8777" becomes "%2B1%20510%20238%208777".
This makes Futon look like it was designed by people who didn't know better.

The slash-replacing technique makes for some odd cases as well. Say I'm using a file-system
layout for my doc IDs. In the breadcrumbs, "/home/foo/bar" becomes "/home%2Ffoo%2Fbar" because
only the first slash is replaced. We shouldn't design the interface around the narrow case
of design doc IDs.

True, doc IDs need to be URI encoded when sent as a URL parameter, but that applies to any
doc keys we send in queries to CouchDB. Does it make sense for Futon to display in URI-encoded
format everything that might be sent as a URL parameter? Of course not. That's why keys are
only HTML escaped.

In the breadcrumbs we should follow the same pattern as the doc listing on the database page.
The href attribute is URI encoded while the displayed text is HTML escaped. My attached patch
does this.

Also, I noticed the breadcrumb link to a database on its own database page is still not URI
encoded. Create a database called "foo/users" and click on that link to see the problem. There's
no need to link back to the database on its own page, however. It can just be HTML escaped
within the <strong> tag, as we do for the document on its page. Problem solved. This
fix is also in the attached patch.

> Breadcrumb doesn't need to be URI encoded
> -----------------------------------------
>
>                 Key: COUCHDB-948
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-948
>             Project: CouchDB
>          Issue Type: Bug
>          Components: Futon
>    Affects Versions: 1.1
>            Reporter: Gabriel Farrell
>            Priority: Trivial
>             Fix For: 1.0.2, 1.1
>
>         Attachments: noEncode.diff, noUriEncode.diff
>
>
> Introduced by github commit 871e2617 on 2010-11-02. When I go to the design doc "foo"
for db "bob", breadcrumbs/nav shows "Overview > bob > _design%2Ffoo" when it should
be "Overview > bob > _design/foo".

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message