On Thu, Apr 14, 2011 at 01:01, <[email protected]> wrote: > On 2011/04/12 01:14:10, xtof wrote: > >> On Mon, Apr 11, 2011 at 17:54, <[email protected]> wrote: >> > > > Note that the CSS spec talks about using '\(', not '\028'. I however >> > have absolutely no idea how well this is supported by browsers. >> > >> I think I read somewhere that this doesn't work in IE (which seems to >> interpret \ literally in URLs because windows users keep typing things >> > like > >> http:\\example.com\ into URL bars). I should test this... >> > > That's required for web compat' > > http://tools.ietf.org/html/draft-ietf-iri-3987bis-05#section-7.2 > A quick test in IE8 confirms that it correctly parsed "\" as an escape > though: > body { background: > url('http://www.google.com/images/logos/ps_logo2.png\'\(\)'); } > doesn't display the image, and shows with value > "url(http://www.google.com/images/logos/ps_logo2.png'())" in the IE8 > Developer Tools (which we all know is bad at serializing its internal > values). I tried with and without the enclosing single quotes. > Ok. Maybe there were problems in older IEs that got fixed by 8 (pretty common, that).
> > I've rebased my working copy on the latest trunk, with the SafeStyles > change. I'll correctly merge/integrate my changes in and re-test. Maybe > I'll add the URL-escaping too (though for the CSS context, given the > above quick-test, I'll probably rather \-escape). I wouldn't worry about that if it gets too involved for this CL -- I agree with your earlier point that this ought to belong into an extended SafeStylesBuilder that knows about properties with url(...) values. I think we should just disallow SafeUri values in CSS context in a template. > I'll see if we can add > a check in UriUtils.fromTrustedString that it only contains "valid URI > chars". > That would be useful; probably should be an assert so it doesn't affect performance in compiled mode. > If it ever happens to take a bit more time than "acceptable", though, > I'll put TODOs instead, as these are rather edge cases anyway. > > Yes, that sounds good. Thanks! --xtof > > > http://gwt-code-reviews.appspot.com/1380806/ > -- http://groups.google.com/group/Google-Web-Toolkit-Contributors
