On 5/18/2015 9:30 AM, Richard Hipp wrote:
> I tried andygoth-brackets-outside-links.  I like it better the old
> way, with the brackets as part of the hyperlinks.  You are going to
> need to sell me on omitting the brackets from the links.

In typical browsers, it's not possible to start a selection in the
middle of hyperlink text.  Attempting to do so is instead interpreted as
a drag-and-drop operation.

I very frequently need to copy-and-paste artifact IDs from the web UI to
a text terminal, but currently this requires doing a manual edit after
pasting since I can't avoid having at least one bracket in the selection.

It's been brought up several times that an alternative approach would be
ignoring the brackets when checking if a string is an artifact ID, but
this doesn't really solve the problem either (specifically: the need to
manually edit after pasting) because square brackets have to be quoted
in Unix shells.

Having the brackets outside the hyperlink avoids the whole problem,
making it possible to select the artifact ID and only the artifact ID.

> I really do not like the andygoth-quote-apostrophe branch as it seem
> to want to add a great many &#39 escapes into HTML output that does
> not require it.  What problem does this branch hope to resolve?

First, let me point out that in many circumstances, Fossil's quoting of
" as " is needless.  This can be avoided as well.  Plus I argue
below that > to > is not strictly necessary even though desirable.

The reason " is emitted is so HTML quoting functions can be used to
generate text suitable for use inside a "double-qouted" HTML attribute
value.  Outside of this context, " serves no purpose.

However, many HTML attributes generated by Fossil are 'single-quoted',
so " is not needed in them either.  But what is needed is for
literal single quotes to be rendered as ', or else they will confuse
the browser and open Fossil to injection attacks.

The optimal solution is to have separate quoting rules for different
contexts: HTML text, single-quoted attributes, double-quoted attributes,
maybe even <pre>.  But of course the overwhelming drawback is a marked
increase in complexity for very little gain.  The simple approach, the
one we've already adopted, is to let the HTML contain a few unnecessary
entities so that one HTML quoter does everything.  (Well, everything but
URLs.)

By the way, Fossil already does &#39; substitution in
output_html_string() (static function in shell.c) and [dehtml] (proc in
diff.tcl), so there is precedent.

Quoting > at &gt; is not required (assuming there are no entirely
unquoted attribute values), so it serves no purpose but aesthetics.  I'm
not advocating that it be removed since I do appreciate the symmetry
with &lt;, and maybe there's a broken browser out there that will seize
on a > even if inside quotes, but if the goal is removing unnecessary
HTML entities, it's hard to justify eliminating &#39; (which is
required) while keeping &gt; (which is not).

Further reading: http://wonko.com/post/html-escaping
though I would not advocate quoting ` to appease MSIE, nor worrying
about unquoted attribute values.  Instead just make sure we stick to
single and double quotes throughout Fossil.

-- 
Andy Goth | <andrew.m.goth/at/gmail/dot/com>

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
fossil-dev mailing list
fossil-dev@mailinglists.sqlite.org
http://mailinglists.sqlite.org/cgi-bin/mailman/listinfo/fossil-dev

Reply via email to