Bug#172132: pkgreport.cgi doesn't cope with & where & is expected

To: 172132@bugs.debian.org
Subject: Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Sat, 07 Dec 2002 18:03:03 +0000
Message-id: <[🔎] 4BA1373A43%linux@youmustbejoking.demon.co.uk>
Reply-to: Darren Salt <linux@youmustbejoking.demon.co.uk>, 172132@bugs.debian.org
In-reply-to: <[🔎] 20021207172504.GC2490@riva.ucam.org>
References: <[🔎] 4BA129F10C%linux@youmustbejoking.demon.co.uk> <[🔎] 20021207172504.GC2490@riva.ucam.org>

I demand that Colin Watson may or may not have written...

> On Sat, Dec 07, 2002 at 03:37:56PM +0000, Darren Salt wrote:
[snip]
>> Arguably, pkgreport.cgi etc. not coping with &amp; where & is expected is
>> correct behaviour, but there are one or two browsers which don't decode
>> character entities in URLs [...]

> I think this patch is wrong, because it would break any argument that
> really looked like 'amp;' (granted, there are none at the moment, but if we
> started allowing ';' as an argument separator as is done elsewhere then it
> begins to look more plausible).

Hmm. True... OTOH if HTML entities are present and all & mark the start of
valid entities, then entity decoding /could/ be automatically applied.

> Note that at least CGI.pm behaves the same way, so these browsers have a
> great deal of work ahead of them if they want to be correct.

No chance with Acorn Browse; unless somebody can cut through the red tape at
Pace, then no new versions are going to be released. The only remotely
practical option, other than making use of squid's URL redirection directives
(which suffers from the amp-is-an-argument problem), is to binary patch it
:-\

> I honestly think that the browsers you refer to ought to be changed to be
> more liberal in what they accept. :-)

URLs containing character entities are /accepted/ without problem ;-)

> In other words, attempt to parse & as the start of a character entity, and
> treat it as a literal & if that fails. Other approaches are just blatantly
> incompatible with HTML (4.01 section 5.3.2).

Isn't that what I'm saying? ;-)

> The only correct way I can think of to work around this browser brokenness
> is to start accepting ';' as an argument separator and using it in links.
> I'd have to check rather carefully to see whether there's anything that
> this would break.

Use a list of accepted argument names? A switch which says that it's safe to
drop ^amp; from argument names? ...

-- 
| Darren Salt        | d youmustbejoking,demon,co,uk | nr. Ashington,
| RPC, Spec+3, A3010 | s zap,tartarus,org            | Northumberland
| BBC M128, Linux PC | @                             | Toon Army
|   <URL:http://www.youmustbejoking.demon.co.uk/progs.packages.html>

:.::: ::..: ::.::. :..:: Tagline in Braille

Reply to:

References:
- Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
  - From: Darren Salt <linux@youmustbejoking.demon.co.uk>
- Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
Next by Date: Processed: Re: Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
Previous by thread: Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
Next by thread: Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
Index(es):
- Date
- Thread

Bug#172132: pkgreport.cgi doesn't cope with &amp; where & is expected

Bug#172132: pkgreport.cgi doesn't cope with & where & is expected