https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22223
--- Comment #4 from David Cook <[email protected]> --- (In reply to Jonathan Druart from comment #3) > Did you read the commit message and the bug description? No, I didn't look it up in Git. Like Stackoverflow, I think it makes sense to include the relevant content in the forum rather than sending people off somewhere else. Providing a link isn't the same thing as providing a response. > I wrote a script to guess what needed to be escaped correctly, in <a > href=/uri?param=[% value %]>, 'value' must be uri escaped, not html escaped. > I think you've misunderstood me. I'm saying "href="[% ITEM_RESULT.uri | url %]" is a problem because ITEM_RESULT.uri may already contain an escaped URL. For instance, "https://idp.com?redirect_url=https%3A%2F%2Fsomewhere_else.com";. If you run use a filter like [% ITEM_RESULT.uri | url %], that'll make it double-encoded which breaks the URL. It's a different use case. I'm not describing building a URL in the template. I'm talking about when an entire URL is already provided. Filtering it is problematic as you can't know how the URL data is already going to be handled. (Although a person could write a filter that parses the URL and escapes any unescaped parameters and rebuilds the URL, but that's also more work that I doubt anyone wants to do right now.) > This is true in ~90% of the situations, others (specific cases) need to be > handled separately and fixed manually. This is what I don't understand. I understand how the template can be fixed manually, but can you explain to me how the scripts for auto-adding filters will ignore manually fixed cases? *clicks through to https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21526* Are you referring to use of $raw instead? I don't understand what you're trying to say. > If you found one you can provide a patch and I will test it. This also confuses me. What do you mean by "one" here? -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
