[ 
https://issues.apache.org/jira/browse/SLING-9011?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17185029#comment-17185029
 ] 

Radu Cotescu commented on SLING-9011:
-------------------------------------

[~Henry Kuijpers], I'm tempted to not pursue the fix here, namely in 
SLING-9694. The reason is that the newest version of the HTML standard does not 
enforce this rule any more and it was most probably based on the fact that most 
of the browsers are lenient and automatically correct the URLs they use when 
accessing the resources.

Section 12.1.2.3 [0] of the HTML standard mentions which characters are not 
allowed in an attribute value and the ampersand is not in this class. The 
standard does mention that ambiguous ampersands are not allowed, but these are 
defined as structures that look like a named character reference but are not 
one. Given the potential of introducing an incompatible change, I'm not sure if 
it would be really worth fixing this issue.

[0] - https://html.spec.whatwg.org/multipage/syntax.html#attributes-2

> HTL: "automatic" context=uri on href/src seems to be wrong - Should be uri 
> *and* html
> -------------------------------------------------------------------------------------
>
>                 Key: SLING-9011
>                 URL: https://issues.apache.org/jira/browse/SLING-9011
>             Project: Sling
>          Issue Type: New Feature
>          Components: Scripting
>    Affects Versions: Scripting HTL Engine 1.3.2-1.4.0
>            Reporter: Henry Kuijpers
>            Assignee: Radu Cotescu
>            Priority: Major
>
> url=[http://test.com/?a=true&b=false&c=%3F|http://test.com/?a=true&b=false]
> <a href="${url}">Test</a>
> I expect the href to be (when viewing page source):
> [http://test.com/?a=true&amp;b=false&amp;c=%3F]
> It however is:
> [http://test.com/?a=true&b=false&c=%3F]
> HTML requires attributes to also be encoded, so I believe we're not doing 
> enough to do the proper encoding/escaping here.
> WDYT?



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
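
The ambiguous-ampersand rule discussed in the comment above can be checked mechanically. The following is an added example, not code from the Sling project or from either participant: it classifies each `&` in an attribute value, and goes slightly beyond the comment by also covering the HTML parser's legacy handling of named references written without a semicolon. The function names and the small reference table are assumptions; the full table is in the HTML standard.

```javascript
// Constructed subset of the HTML named character reference table.
// LEGACY names are also recognised by the parser without a trailing ';'.
const LEGACY = new Set(["amp", "lt", "gt", "quot", "copy", "reg", "nbsp"]);
const NAMED = new Set([...LEGACY, "apos", "hellip"]); // these extra names need ';'

// Classify every '&' in an attribute value:
//   reference      - valid named reference ending in ';' (decoded)
//   numeric        - starts a numeric reference ("&#...")
//   ambiguous      - "&" + alphanumerics + ";" that matches no known name
//   decoded-legacy - known name without ';' that the parser still decodes
//   literal        - plain ampersand, left untouched by the parser
function classifyAmpersands(value) {
  const findings = [];
  for (let i = value.indexOf("&"); i !== -1; i = value.indexOf("&", i + 1)) {
    const name = /^[0-9A-Za-z]*/.exec(value.slice(i + 1))[0];
    const next = value[i + 1 + name.length] || "";
    let kind;
    if (value[i + 1] === "#") {
      kind = "numeric";
    } else if (name && next === ";") {
      kind = NAMED.has(name) ? "reference" : "ambiguous";
    } else if (LEGACY.has(name) && next !== "=") {
      // In attributes a legacy name followed by '=' or an alphanumeric is
      // kept as text; followed by anything else it is decoded.
      kind = "decoded-legacy";
    } else {
      kind = "literal";
    }
    findings.push({ index: i, text: "&" + name, kind });
  }
  return findings;
}

// True when the value would not survive HTML parsing unchanged,
// or is not allowed by the standard as written.
function needsAmpEscaping(value) {
  return classifyAmpersands(value).some(
    (f) => f.kind === "ambiguous" || f.kind === "decoded-legacy"
  );
}

// URL from the issue description: both ampersands are plain literals.
console.log(classifyAmpersands("http://test.com/?a=true&b=false&c=%3F"));
// Constructed URL: "&copy=" stays literal, trailing "&reg" is decoded.
console.log(classifyAmpersands("http://test.com/?a=1&copy=2&reg"));
```

For the URL in the issue, every ampersand is classified as `literal`, which matches the reading of the standard given in the comment; the constructed URL shows the kind of value where leaving `&` unescaped changes what the browser sees.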
