HTMLBuilder and <A HREF='script.py?foo=bar&ding=bats'>yeah teah</A>

Steve Holden sholden at bellatlantic.net
Thu Mar 9 17:11:09 CET 2000


Vespe Savikko wrote:
> 
> Also sprach Ben Skelton <skeltobc at mailandnews.com>:
> 
>   Adrian Eyre wrote:
>   >
>   > > b.startElement ('a', {'href': 'script.py?foo=bar&ding=bats'})
>   > >
>   > > [snip]
>   > >
>   > > <HTML><A HREF="script.py?foo=bar&amp;ding=bats">Press me</A></HTML>
>   > >
>   > > note the '&amp;' in the href argument.
>   >
>   > Indeed. It's substituted for the ampersand, being illegal in an HTML
>   > document.
>   >
>   > > How can I do this properly?
>   >
>   > What do you mean by properly?
> 
> 
>   I want to pass arguments to the script.py. I thought the way to do this
>   was
>   via the url
>   http://server/cgi-bin/script.py?argument1=value1&argument2=value2
>   ie an ampersand separated list of argument=value.
> 
>   The idea is that when different hyperlinks are followed unique sets of
>   arguments can be passed to the script.
> 
> Have you tried that? If your browser isn't broken it should decode the
> HTML-encoded character entities when following the link. In other
> words _in the HTML document_ the following links behave identically
> (meaning they generate identical HTTP requests):
> 
> <a href="http://server/script?arg1=143&arg2=foo">Link</a>
> <a href="http://server/script?arg1=143&amp;arg2=foo">Link</a>
> 
> If I remember correctly the latter line is even more valid HTML since
> it escapes the "dangerous" & character.
> 
>   ++Vespe
> 
> --
>   ------------------------------------------------------------------
>        Vespe Savikko     vespe at cs.tut.fi     - to doom de doomsday -

Sadly, your link brings up

	http://server/script?arg1=143&amp;arg2=foo

in the browser location window, which is NOT what's required.  Unless,
of course, my mail reader has somehow mangled this URL.  The browser
actually needs to see

	http://server.snap.com/script?arg1=143&arg2=foo

or it will think you are trying to the CGI argument "amp;arg2" to
"foo".  I have tested this locally, using the following code (I blush
to publish VBscript in c.l.p, but it was quicker to hack an existing
test script):

#------------------------ASP Start------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
	<TITLE>Entity Decoding Test</TITLE>
</HEAD>
<BODY>
<%
arg1=Request("arg1")
arg2=Request("arg2")
extra=Request("amp;arg2")
%>
<h3>Arg1: <%=arg1%></h3>
<h3>Arg2: <%=arg2%></h3>
<h3>Extra: <%=extra%></h3>
</BODY>
</HTML>
#------------------------ASP End------------------------

and sure enough that's what happens.  HTML encoding surely isn't
appropriate inside attribute values: it's used between tags to ensure
the browser correctly renders text which might otherwise be incorrectly
interpreted as markup, or require illegal characters in the HTML stream.

So the question remains: how to stop the startElement from HTML
entity-encoding the HREF attribute of an <A> tag.  Some kind of escape
mechanism?  Or are you suggesting that Netscape 4.7 os broken in some
fundamental way?

regards
 Steve
--
"If computing ever stops being fun, I'll stop doing it"



More information about the Python-list mailing list