Hello Trong,
Yes, that is one of the points identified; I think that fix is doable.
Another point that I think can have a deep impact is the use of custom attributes in standard tags, for example exo:getNodeURL and others.
These attributes are not compliant with the XHTML 1.0 Strict that is used in all markup.
I'm wondering what would be more interesting:
- To change the doctype.
- To try to think of an alternative instead of using custom attributes.
At this point I'm not starting to fix anything, just evaluating impact.
What do you think?
I don't know about the eXo side, but the W3C requirement is something that most customers are asking for, so I think it could be interesting to review whether we can work on it.
Thanks for your comments,
Lucas
----- Original Message -----
> From: "Trong Tran" <trongtt@gmail.com>
> To: "Lucas Ponce" <lponce@redhat.com>
> CC: "gatein-dev" <gatein-dev@lists.jboss.org>
> Sent: Friday, 7 February 2014 11:10:14
> Subject: Re: [gatein-dev] Potential impacts on URL encoding
> Hi Lucas,
>
> I have a remark on this topic: today it is using PortletURL#toString()
> for writing the URL in HTML. It is clearly specified in the Portlet API
> spec “the returned URL is not XML escaped”. Thereby it seems to me that
> this is just an error-prone usage; the PortletURL#write(Writer out, boolean
> escapeXML) should be used instead.
>
> Did I miss something ?
>
>
>
> On 3 February 2014 18:55, Lucas Ponce <lponce@redhat.com> wrote:
>
> > Hello,
> >
> > One of our customers is asking again for W3C validation.
> >
> > We are studying the points where GateIn is not W3C compliant.
> >
> > I think one of the most dangerous is about "&" in URLs, according to the W3C
> > documentation:
> >
> > ------------------------
> >
> > Ampersands (&'s) in URLs
> >
> > Another common error occurs when including a URL which contains an
> > ampersand ("&"):
> >
> > <!-- This is invalid! --> <a
> > href="foo.cgi?chapter=1&section=2&copy=3&lang=en">...</a>
> >
> > This example generates an error for "unknown entity section" because the
> > "&" is assumed to begin an entity reference. Browsers often recover safely
> > from this kind of error, but real problems do occur in some cases. In this
> > example, many browsers correctly convert &copy=3 to ©=3, which may cause
> > the link to fail. Since &lang; is the HTML entity for the left-pointing
> > angle bracket, some browsers also convert &lang=en to 〈=en. And one old
> > browser even finds the entity &sect;, converting &section=2 to §ion=2.
> >
> > To avoid problems with both validators and browsers, always use &amp; in
> > place of & when writing URLs in HTML:
> >
> > <a href="foo.cgi?chapter=1&amp;section=2&amp;copy=3&amp;lang=en">...</a>
> >
> > Note that replacing & with &amp; is only done when writing the URL in
> > HTML, where "&" is a special character (along with "<" and ">"). When
> > writing the same URL in a plain text email message or in the location bar
> > of your browser, you would use "&" and not "&amp;". With HTML, the browser
> > translates "&amp;" to "&" so the Web server would only see "&" and not
> > "&amp;" in the query string of the request.
> >
> > --------------------------
> >
> >
> > We did some experiments in the past to code "&" as "&amp;" but this has a
> > negative effect on other components (i.e. WSRP).
> >
> > Before starting to make a PoC about it, I would like to ask whether someone
> > has also tried a similar approach so we can share our experiences about that.
> >
> >
> > Thanks,
> > Lucas
> >
> >
> >
>
>
>
>
> --
> *(+84) 983841909 | *trongtt@gmail.com
> Twitter: http://twitter.com/trongtt
>
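The W3C example quoted in the thread, worked through as an added example that is not part of the original messages or of GateIn's code: the same URL is written into an `href` once unescaped (the `PortletURL#toString()` case) and once escaped (the `write(out, true)` case), then decoded with Python's `html.unescape`, which accepts legacy entities without a trailing semicolon and so stands in for the lenient decoders the W3C text describes. The helper names `render_link`, `href_as_decoded`, `query_params` and `lost_params` are hypothetical.

```python
import html
from urllib.parse import parse_qs, urlsplit

# URL taken from the W3C text quoted in the thread.
RAW_URL = "foo.cgi?chapter=1&section=2&copy=3&lang=en"


def render_link(url, escape):
    """Write the URL into an <a> tag, escaped or as-is (hypothetical helper)."""
    href = html.escape(url, quote=True) if escape else url
    return f'<a href="{href}">...</a>'


def href_as_decoded(tag):
    """Extract the href value and decode character references in it.

    html.unescape applies text-content rules: "&copy" and "&sect" are
    decoded even without ";", which is the failure mode under discussion.
    """
    start = tag.index('href="') + len('href="')
    end = tag.index('"', start)
    return html.unescape(tag[start:end])


def query_params(url):
    """Return the query string as a dict of first values."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def lost_params(url, escape):
    """Parameters that do not survive the write-then-decode round trip."""
    sent = query_params(url)
    seen = query_params(href_as_decoded(render_link(url, escape)))
    return {k for k, v in sent.items() if seen.get(k) != v}


if __name__ == "__main__":
    for escape in (False, True):
        tag = render_link(RAW_URL, escape)
        print("escaped  " if escape else "unescaped", tag)
        print("  decoded href:", href_as_decoded(tag))
        print("  lost params :", sorted(lost_params(RAW_URL, escape)))
```

A check like `lost_params` can be run over every generated link in a rendered page to find places where a URL was emitted without escaping.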