On 3/15/2011 4:56 AM, Octavian Rasnita orasnita-at-gmail.com |Catalyst/Allow to
home| wrote:
uri_for() escapes only the chars which are not in the following list (from
URI.pm):
$reserved = q(;/?:@&=+$,[]);
$mark = q(-_.!~*'()); #'; emacs
$unreserved = "A-Za-z0-9\Q$mark\E";
The char "&" is a valid char in the URI, so it should not be escaped.. With other words,
the following url is OK:
http://localhost/dir1/dir2/ham%20&%20eggs.jpg
uri_for() generates the URI as it needs to be accessed on the server and not as it
should be printed in an HTML page. In order to be printed correctly, the "&" char must
be HTML-encoded, so the html TT filter must be used:
<a href="[% c.uri_for('/path', 'eggs & ham.jpg', {a=1, b=2}).path_query |
html%]">label</a>
It will give:
<a href="/path/eggs%20&%20ham.jpg?a=1&b=2">label</a>
In contrast, the 'uri' filter in TT "converting any characters outside of the permitted
URI character set (as defined by RFC 2396)" and that includes |&|, |@|, |/|, |;|, |:|,
|=|, |+|, |?| and |$|.
The 'url' filter in TT is less aggressive, and does not include those.
The '&' is a "Reserved Character" according to ยง2.2 of RFC 2396. That is what the code
sample you quoted notes: the set of reserved characters. They may have specific meanings
as delimiters within the overall URI, so should be escaped. Just skimming, I see that
it's reserved within the query component.
Anyway, using the TT 'uri' filter on the dynamic path component means I don't have to use
the html filter also!
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/
