httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodent of Unusual Size <Ken.C...@Golux.Com>
Subject Re: escape_html("Location") ?!??!
Date Wed, 21 Jan 1998 03:33:33 GMT
Roy T. Fielding wrote:
> Nope, that is the right call.  The URL should already be encoded at that
> point -- the HTML escaping is for any "&", which is a reserved character
> in HTML CDATA (the attribute data type for href).

But then something like "http://host/cgi-bin/foo?&a=1&b=2" will be
broken.  It will be turned into "http://host/cgi-bin/foo&amp;a=1&amp;b=2".
That can't be right, since it not only re-injects an ampersand but
sticks an HTML character entity into an HTTP element..

How is a response header field like this

    Location: http://host/cgi-bin/foo&amp;a=1&amp;b=2

valid HTTP?

#ken	P-)}

View raw message