On Mon, May 4, 2009 at 11:20 AM, mdipierro <[email protected]> wrote:
> Out 17 and 19 would not work (unless you use routes.py)  because URL
> is validated and @ is not allowed, not even encoded. It is a security
> measure.

What does it prevent?

> On May 4, 2:25 am, Yarko Tymciurak <[email protected]> wrote:
>> If you look at URL, you will see that args and vars are urllib.quote()-ed.
>>
>> In general, you do not want to undo this;  but if your controller checks for
>> email, you can see the effects, e.g.:
>>
>> In [17]: URL(r=request, f='mailme', args='[email protected]')
>> Out[17]: '/welcome/default/mailme/manny%40jack.moe'
>>
>> In [18]: URL(r=request, f='mailme', vars=dict(email='[email protected]'))
>> Out[18]: '/welcome/default/mailme?email=manny%40jack.moe'
>>
>> In [19]: urllib.unquote(URL(r=request, f='mailme', args='[email protected]'))
>> Out[19]: '/welcome/default/mailme/[email protected]'
>>
>> In [20]: urllib.unquote(URL(r=request, f='mailme', vars=dict(email='[email protected]')))
>> Out[20]: '/welcome/default/[email protected]'
>>
>> But since you are only concerned with the string mapping of '%40' to '@',
>> you can do that more directly (and it would be safer than a general url
>> unquote()).
>>
>> -Yarko

-- 
 Álvaro Justen
 Peta5 - Telecomunicações e Software Livre
 21 3021-6001 / 9898-0141
 http://www.peta5.com.br/
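
Added example, not part of the original thread and not web2py code: it contrasts a general unquote() with the '%40'-only mapping Yarko suggests, on constructed path args. It assumes Python 3 (`urllib.parse` instead of the Python 2 `urllib` used in the thread); `EMAIL_ARG`, `restore_at`, `email_from_arg` and `compare` are hypothetical names.

```python
import re
from urllib.parse import quote, unquote  # Python 3 home of urllib.quote/unquote

# Hypothetical allow-list for an e-mail path argument; not web2py's own pattern.
EMAIL_ARG = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def restore_at(arg):
    """Map only '%40' back to '@'; every other escape stays encoded."""
    return arg.replace("%40", "@")


def email_from_arg(arg):
    """Return the address carried in a quoted path arg, or None if the
    arg holds anything besides a plain address."""
    candidate = restore_at(arg)
    return candidate if EMAIL_ARG.fullmatch(candidate) else None


def compare(arg):
    """Show what each decoding strategy would hand to the controller."""
    return {"general": unquote(arg), "targeted": restore_at(arg)}


# Constructed sample args, as they would appear in the request path.
SAMPLES = [
    quote("manny@jack.moe", safe=""),  # 'manny%40jack.moe'
    "manny%40jack.moe%2F..%2Fx",       # encoded '/' and '..' after the address
    "manny%40jack.moe%0d%0aX",         # encoded CR LF
    "manny%2540jack.moe",              # double-encoded '@'
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), compare(s), email_from_arg(s))
```

With the general unquote() the second and third samples turn into strings containing `/`, `..` and CR LF; with the targeted mapping those escapes stay inert and the allow-list rejects the arg.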
