On Sat, Dec 07, 2002 at 03:37:56PM +0000, Darren Salt wrote: > Package: debbugs > Version: 2.3-4 > Tags: patch
(Note that 2.4 is current, in experimental.) > Arguably, pkgreport.cgi etc. not coping with & where & is expected is > correct behaviour, but there are one or two browsers which don't decode > character entities in URLs (in the case of at least one such browser, it was > a design decision based on & in URLs often being a literal & rather than > marking the start of a character entity). > > Better to be liberal in what you accept :-) I think this patch is wrong, because it would break any argument that really looked like 'amp;' (granted, there are none at the moment, but if we started allowing ';' as an argument separator as is done elsewhere then it begins to look more plausible). Note that at least CGI.pm behaves the same way, so these browsers have a great deal of work ahead of them if they want to be correct. I honestly think that the browsers you refer to ought to be changed to be more liberal in what they accept. :-) In other words, attempt to parse & as the start of a character entity, and treat it as a literal & if that fails. Other approaches are just blatantly incompatible with HTML (4.01 section 5.3.2). The only correct way I can think of to work around this browser brokenness is to start accepting ';' as an argument separator and using it in links. I'd have to check rather carefully to see whether there's anything that this would break. -- Colin Watson [EMAIL PROTECTED]
