Bug#172132: pkgreport.cgi doesn't cope with & where & is expected
On Sun, Dec 08, 2002 at 12:51:43AM +0000, Darren Salt wrote:
> I demand that Josip Rodin may or may not have written...
> > On Sat, Dec 07, 2002 at 09:17:00PM +0000, Darren Salt wrote:
> >> Any browser which displays
> >> <a href="index.html>Home page</a>
> >> as a link, containing the text "Home page", to index.html is supporting
> >> broken HTML; should it simply fail to display it?
> > Uhh, I don't see how that is relevant to what we have here. It's not broken
> > to use & to represent the ampersand character in anchor tags; on the
> > contrary, it is exactly according to the specification.
> Wrong end of the stick...? :-)
> The browser rendering the above broken HTML is handling errors. The CGI
> script which understands & is also handling errors.
Unfortunately it can't tell whether it's an error or not. There's no
information loss in your HTML example above; in contrast, browsers that
fail to unescape '&' are transforming one valid URL into another
valid URL, thereby losing information.
I'm pretty sure that having the CGI script understand '&' is the
wrong answer. Using a totally different separator to avoid the whole
issue is probably the right answer.
Colin Watson [email@example.com]