You are viewing a plain text version of this content. The canonical link for it is here.
Posted to modperl@perl.apache.org by m-...@wickline.org on 2003/04/03 18:01:38 UTC
BUG [in docs] semicolon-separated param pairs fail w/ MSIE in meta
redirect tags
Stas wrote:
> Matthew, can you please repost it to the mod_perl list?
> There are many more people who can followup on this.
> Thanks.
I won't be subscribed long enough to read any replies to this mesg, but
am posting here at Stas' suggestion. Hopefully someone here will be able
to update the docs if appropriate.
Yesterday I was reading
http://perl.apache.org/docs/tutorials/client/browserbugs/browserbugs.html
and noticed:
> either you should avoid using such keys
> or you should separate parameter pairs
> with ; instead of &
This is fine advice. It's standards compliant and *should* work
perfectly. In practice, it does work with one exception. MSIE (or at
least certain recent versions of it) can fail to redirect properly if
you use ; separators in a URL which is used in a meta redirect tag.
Suppose the URL to which you're redirecting is supposed to contain a
parameter "volt" with value "1" and another parameter "amp" with a value
of "2".
The URL could be either of these two if you're using CGI.pm
http://example.com/?volt=1&=2
http://example.com/?volt=1;amp=2
Since the URL is appearing in HTML, then you have to HTML entity encode
the URL, which means that the URL in your meta redirect tag needs to be
either of these two
http://example.com/?volt=1&amp=2
http://example.com/?volt=1;amp=2
Either of those *should* work in functional browsers.
However, (at least certain versions of) MSIE will incorrectly read those
two urls (if found in meta redirects) as
http://example.com/?volt=1&amp=2
http://example.com/?volt=1
Note that the second URL lost everything after the semicolon. In
versions of MSIE which are afflicted in this manner, you can only have
semicolons in your URL if they are the terminal characters of HTML
entity encoding sequences.
This means that in your meta redirects you *must* use the encoded &
character (& or a numeric encoding) to separate your parameter
name/value pairs *unless* you can be certain that none of your users
will be using one of the broken browsers.
See also
http://rt.cpan.org/NoAuth/Bug.html?id=2130
I thought this note might be appropriate to add to
http://perl.apache.org/docs/tutorials/client/browserbugs/browserbugs.html
-matt
(who is now unsubscribing. Thanks for your time :)
semicolon-separated URL param pairs aren't good enough for recent
IE?
Posted by Stas Bekman <st...@stason.org>.
Folks, please take a look at this one. (the original subject was misleading,
as it wasn't a bug in docs per se, but something that earlier everybody has
agreed upon here on the list and now Matthew has discovered that this is no
longer correct. Since I'm not using MSIE and can't verify this please help to
resolve this issue:
Matthew wrote:
> Yesterday I was reading
> http://perl.apache.org/docs/tutorials/client/browserbugs/browserbugs.html
>
> and noticed:
> > either you should avoid using such keys
> > or you should separate parameter pairs
> > with ; instead of &
>
> This is fine advice. It's standards compliant and *should* work
> perfectly. In practice, it does work with one exception. MSIE (or at
> least certain recent versions of it) can fail to redirect properly if
> you use ; separators in a URL which is used in a meta redirect tag.
>
> Suppose the URL to which you're redirecting is supposed to contain a
> parameter "volt" with value "1" and another parameter "amp" with a value
> of "2".
>
> The URL could be either of these two if you're using CGI.pm
> http://example.com/?volt=1&=2
> http://example.com/?volt=1;amp=2
>
> Since the URL is appearing in HTML, then you have to HTML entity encode
> the URL, which means that the URL in your meta redirect tag needs to be
> either of these two
> http://example.com/?volt=1&amp=2
> http://example.com/?volt=1;amp=2
>
> Either of those *should* work in functional browsers.
>
> However, (at least certain versions of) MSIE will incorrectly read those
> two urls (if found in meta redirects) as
> http://example.com/?volt=1&amp=2
> http://example.com/?volt=1
>
> Note that the second URL lost everything after the semicolon. In
> versions of MSIE which are afflicted in this manner, you can only have
> semicolons in your URL if they are the terminal characters of HTML
> entity encoding sequences.
>
> This means that in your meta redirects you *must* use the encoded &
> character (& or a numeric encoding) to separate your parameter
> name/value pairs *unless* you can be certain that none of your users
> will be using one of the broken browsers.
>
>
> See also
> http://rt.cpan.org/NoAuth/Bug.html?id=2130
>
>
> I thought this note might be appropriate to add to
> http://perl.apache.org/docs/tutorials/client/browserbugs/browserbugs.html
>
> -matt
> (who is now unsubscribing. Thanks for your time :)
--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com