HTMLBuilder and <A HREF='script.py?foo=bar&ding=bats'>yeah teah</A>

Vespe Savikko vespe at cs.tut.fi
Thu Mar 9 17:53:30 CET 2000


Also sprach Steve Holden <sholden at bellatlantic.net>:

  Vespe Savikko wrote:

  > Have you tried that? If your browser isn't broken it should decode the
  > HTML-encoded character entities when following the link. In other
  > words _in the HTML document_ the following links behave identically
  > (meaning they generate identical HTTP requests):
  > 
  > <a href="http://server/script?arg1=143&arg2=foo">Link</a>
  > <a href="http://server/script?arg1=143&amp;arg2=foo">Link</a>
  > 
  > If I remember correctly the latter line is even more valid HTML since
  > it escapes the "dangerous" & character.
  > 
  >   ++Vespe
  > 
  > --
  >   ------------------------------------------------------------------
  >        Vespe Savikko     vespe at cs.tut.fi     - to doom de doomsday -
  
  Sadly, your link brings up
  
  	http://server/script?arg1=143&amp;arg2=foo
  
  in the browser location window, which is NOT what's required.  Unless,
  of course, my mail reader has somehow mangled this URL.  The browser
  actually needs to see
  
  	http://server.snap.com/script?arg1=143&arg2=foo

Did you write those links in HTML file? Like in the example page below:

http://www.cs.tut.fi/~vespe/amp/

The links on that page invoke a script that tells its arguments and
behaviour is identical with or without escaping the ampersand. If you
look at the URL bar of the script page you notice that the browser has
decoded character entity &amp; to &
  
  and sure enough that's what happens.  HTML encoding surely isn't
  appropriate inside attribute values: it's used between tags to ensure
  the browser correctly renders text which might otherwise be incorrectly
  interpreted as markup, or require illegal characters in the HTML stream.

Well, the HTML encoding sure is appropriate inside attribute
values. Or so the HTML specification tells me:

  B.2.2 Ampersands in URI attribute values
 
   The URI that is constructed when a form is submitted may be used as an
   anchor-style link (e.g., the href attribute for the A element).
   Unfortunately, the use of the "&" character to separate form fields
   interacts with its use in SGML attribute values to delimit character
   entity references. For example, to use the URI "http://host/?x=1&y=2"
   as a linking URI, it must be written <A
   href="http://host/?x=1&#38;y=2"> or <A
   href="http://host/?x=1&amp;y=2">.

Source: http://www.w3.org/TR/REC-html40/appendix/notes.html#h-B.2.2
  
  So the question remains: how to stop the startElement from HTML
  entity-encoding the HREF attribute of an <A> tag.  Some kind of escape
  mechanism?  Or are you suggesting that Netscape 4.7 os broken in some
  fundamental way?

I can only insist that you try out the example I prepared.

  ++Vespe
  
-- 
  ------------------------------------------------------------------
       Vespe Savikko     vespe at cs.tut.fi     - to doom de doomsday -



More information about the Python-list mailing list