Ticket #1459 (closed enhancement: fixed)

Opened 2 years ago

Last modified 2 years ago

Some URLs miss urllib.quote

Reported by: anonymous Assigned to: fguillaume
Priority: P3 Milestone: CPS 3.4.2
Component: CPS (global) Version: TRUNK
Severity: normal Keywords: xhtml validation accessibility
Cc:

Description

CPS source code uses cgi.escape to outpout href values of <a/> tags. However cgi.escape is incomplete, for instance: 

>>> import cgi
>>> cgi.escape(' ')
' '
>>> import urllib
>>> urllib.quote(' ')
'%20'

BTW: for more info about the wonderful urllib: 

>>> pydoc urllib

Change History

02/24/06 18:09:32 changed by fguillaume

What code are you talking about specifically?

cgi.escape and urllib.quote have very different use cases

02/24/06 18:16:44 changed by ogrisel

The 'href' attribute of <a/> tags in the rendering of the Subject Widget for instance, but I'm sure it's not alone.

02/24/06 19:34:46 changed by sfermigier

fermigier@ubuntu:~/svn/CPS3/Products$ grep -r cgi.escape . | grep -v .svn ./CPSForum/skins/forum_default/post_tree.py: subject = cgi.escape(postsubject?) ./CPSForum/skins/forum_default/post_tree.py: cgi.escape(context.getPosterName(postauthor?)) + '</a>' ./CPSForum/skins/forum_default/post_tree.py: fullname = cgi.escape(context.getPosterName(postauthor?)) ./CPSForum/skins/forum_default/post_tree.py: fullname = '<a href="javascript:void(0)" onclick="javascript:window.open(\'popupdirectory_entry_view?dirname=members&id;=' + postauthor? + '\',\'wclose\',\'width=500,height=200,scrollbars=yes,toolbar=no,status=no,resizable=yes,left=20,top=30\')">' + cgi.escape(context.getPosterName(postauthor?)) + '</a>' ./CPSUtil/tests/test_genericsetup.py: ' >'+cgi.escape(source)+'</foo>\n') ./CPSUtil/genericsetup.py: data = cgi.escape(node.data) ./CPSWiki/colorize.py: self.out.write(cgi.escape(toktext))

02/28/06 17:45:52 changed by fguillaume

  • summary changed from use urllib.quote instead of cgi.escape to Some URLs miss urllib.quote.

Subject Widget should first urllib.quote the subject_name in the URL (or use urllib.urlencode), then cgi.escape the URL because it's included in HTML. It does only the second part.

If other code is in error please list it.

05/16/06 13:23:41 changed by sfermigier

  • milestone changed from CPS 3.4.1 to CPS 3.4.2.

Not sure about fguillaume's latest remark, but at least the initial issue seems now to be fixed.

05/16/06 16:30:09 changed by sfermigier

  • status changed from new to closed.
  • resolution set to fixed.

Closing the issue after all.