Re: [xml] xmlSetProp Escape Free.

From: "Christopher R. Maden" <crism maden org>
To: Zaid Amireh <tumbak gmail com>
Cc: xml gnome org
Subject: Re: [xml] xmlSetProp Escape Free.
Date: Mon, 01 Aug 2011 17:24:07 -0400

On 08/01/2011 05:09 PM, Zaid Amireh wrote:

Citation please.


ISO 8879, RFC 1866, REC-html40

In particular, see the note in 8.2.1 of RFC 1866.

Consider:

<a href="http://example.com/ohms_law.cgi?ohm=2&amp=5";>

What is the actual value of the URI in the link?

Now consider:

<a href="http://example.com/ohms_law.cgi?ohm=2&amp;=5";>
<a href="http://example.com/ohms_law.cgi?ohm=2&amp;amp=5";>

Each is clear and unambiguous.

See also <URL: http://htmlhelp.com/tools/validator/problems.html >.

RFC1630 (and RFC1738 and RFC1808 for that matter) states that '&' is
safe to use and all of those RFC actually don't even mention &amp;


Those RFCs are about URIs, not about HTML.  When a URI is encoded in
HTML, HTML escaping rules must be used.  Do you also think that ' and "
should be allowed in href attributes without escaping?

~Chris
-- 
Chris Maden, text nerd  <URL: http://crism.maden.org/ >
Those who learn from history are doomed to become cynics.

References:
- [xml] xmlSetProp Escape Free.
  - From: Zaid Amireh
- Re: [xml] xmlSetProp Escape Free.
  - From: Christopher R. Maden
- Re: [xml] xmlSetProp Escape Free.
  - From: Zaid Amireh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]