4:20 a.m.
Hello Trong,
Yes that is one of the points identified, I think that fix can be doable.
Other point that I think it can have a deep impact is the use of custom attributes in
standard tags, for example, exo:getNodeURL et others.
These attributes are not compliant with the XHTML 1.0 Strict that is used in all markups.
I'm wondering that what can be more interesting:
- To change the doctype.
- Try to think in an alternative way instead to use custom attributes.
At this point I'm not starting fixing, just evaluating impact.
What do you think ?
I don't know in eXo side, but w3c requeriment is something that most customers is
asking, so I think it could be interesting to review if we can work on it.
Thanks for yor comments,
Lucas
----- Mensaje original -----
De: "Trong Tran" <trongtt(a)gmail.com>
Para: "Lucas Ponce" <lponce(a)redhat.com>
CC: "gatein-dev" <gatein-dev(a)lists.jboss.org>
Enviados: Viernes, 7 de Febrero 2014 11:10:14
Asunto: Re: [gatein-dev] Potential impacts on URL encoding
Hi Lucas,
I have a remark on this topic that today it is using PortletURL#toString()
for writing the URL in HTML. It is clearly specified in the Portlet API
spec “the returned URL is not XML escaped”. Thereby It seems to me that
this is just an error-prone usage, the PortletURL#write(Writer out, boolean
escapeXML) should be used instead.
Did I miss something ?
On 3 February 2014 18:55, Lucas Ponce <lponce(a)redhat.com> wrote:
> Hello,
>
> One of our customer is asking again for w3c validation.
>
> We are studying points where gatein is not w3c compliant.
>
> I think one of most dangerous is about "&" in URLs, according with
w3c
> documentation:
>
> ------------------------
>
> Ampersands (&'s) in URLs
>
> Another common error occurs when including a URL which contains an
> ampersand ("&"):
>
> <!-- This is invalid! --> <a
>
href="foo.cgi?chapter=1§ion=2©=3&lang=en">...</a>
>
> This example generates an error for "unknown entity section" because the
> "&" is assumed to begin an entity reference. Browsers often recover
safely
> from this kind of error, but real problems do occur in some cases. In this
> example, many browsers correctly convert ©=3 to ©=3, which may cause
> the link to fail. Since ⟨ is the HTML entity for the left-pointing
> angle bracket, some browsers also convert &lang=en to 〈=en. And one old
> browser even finds the entity §, converting §ion=2 to §ion=2.
>
> To avoid problems with both validators and browsers, always use & in
> place of & when writing URLs in HTML:
>
> <a
href="foo.cgi?chapter=1&section=2&copy=3&lang=en">...</a>
>
> Note that replacing & with & is only done when writing the URL in
> HTML, where "&" is a special character (along with "<"
and ">"). When
> writing the same URL in a plain text email message or in the location bar
> of your browser, you would use "&" and not "&". With
HTML, the browser
> translates "&" to "&" so the Web server would only
see "&" and not
> "&" in the query string of the request.
>
> --------------------------
>
>
> We did some experiments in the past to code "&" per
"&" but this has
> negative effect into other components (i.e. WSRP).
>
> Before to start making PoC about it, I would like to ask if someone also
> tried a similar approach and we can share our experiences about that.
>
>
> Thanks,
> Lucas
>
>
>
> _______________________________________________
> gatein-dev mailing list
> gatein-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/gatein-dev
--
*Trong Tran*
*(+84) 983841909 | *trongtt(a)gmail.com
Twitter: http://twitter.com/trongtt