Johnny C. Lam writes:
If [...] is any valid HTML, then it would be directly rendered by the browser before the real part of the response, right?
Nope, for at least two reasons.This is not HTML. We're talking about an HTTP header, here. Which is, basically, a MIME header. If a browser attempts to interpret the HTTP/MIME header's contents as HTML, it is a browser bug.
Note that in the _HTML_ portion of the response:
<p>Loading <a href="[#r#]" style="text-decoration: none">[#r#]</a>…</p>
Where "r" gets expanded as:
output_attrencoded(cgi("redirect"));
The second reason is that the boob must explicitly click on some link, this
does not get run automatically as part of an innocent action, such as
viewing a message.
Finally, your patch is wrong. output_attrencoded() returns a void.
pgpasHVSXSkU9.pgp
Description: PGP signature
