IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Software and Applications Forum / HTTP parameters and escaping.
Post #339,974
by static
Picture of static
2/21/11 7:58:34 PM
Reply
New HTTP parameters and escaping.
I've got a bit of a wierd problem on my work HTTP server with an external service and I'm not sure who is actually in the right.

The core of the problem is whether an HTML-escaped ampersand is legal in a HTTP redirect.

We have an ampersand in a link functioning as a parameter separator, as languages like PHP have been doing for years. We're using an external service to provide unsubsubscribe links and they're using a tracking link which redirects to our unsubscribe link. Unfortuantely, they're HTML-escaping the URL, even in the HTTP redirect, resulting in a non-working link. They shouldn't be doing that, right?

Wade.
Q:Is it proper to eat cheeseburgers with your fingers?
A:No, the fingers should be eaten separately.
Post #339,975
by folkert
Picture of folkert
2/21/11 8:03:28 PM
Reply
New Parameter Escaping is a nono.
We have use about 5 parameters in some mailing lists.

This means they need to be real and not escaped.
Post #339,980
by static
Picture of static
2/21/11 8:37:48 PM
Reply
New That's what I thought.
I found an RFC that ... uh, didn't dispute that. (It doesn't actually say "do not HTML escape" -- but reading it in context and it's clear that HTML escaping is not wanted there.)

Wade.
Q:Is it proper to eat cheeseburgers with your fingers?
A:No, the fingers should be eaten separately.
     HTTP parameters and escaping. - (static) - (2) - Feb. 21, 2011, 07:58:34 PM EST
         Parameter Escaping is a nono. - (folkert) - (1) - Feb. 21, 2011, 08:03:28 PM EST
             That's what I thought. - (static) - Feb. 21, 2011, 08:37:48 PM EST

I have this theory about the Brontosaurus...
50 ms