[Catalyst] Escaping of "argument" of private path
Octavian Rasnita
orasnita at gmail.com
Tue Mar 15 06:38:04 GMT 2011
From: "John M. Dlugosz" <wxju46gefd at snkmail.com>
> Consider this TT fragment:
>
> [% fname = rec.filename | uri %]
> <img src="[% c.uri_for("${directory}/${fname}") %]" alt="photo" />
>
> There is no reason to suppose that the filename following URL naming
> conventions, and may be something like "ham & eggs.jpeg". This in fact
> works as written, but I'm wondering if it's quite correct.
>
> In fact, I'm surprised that uri_for doesn't do this for me! I pass in a
> file name and get a URL back, right? Munging the file name first doesn't
> make sense since that's no longer the file name and won't work in a call
> to Open, for example.
>
> But escaping each component, and not the component delimiters, after
> getting the perported uri back would be much more work. This should be
> simpler. What am I missing?
>
uri_for() escapes each component, but I guess that it doesn't escape it if
it contains a slash in it.
For example, you can do:
<img src="[% c.uri_for('/static', 'ham and eggs.jpg').path %]">
It will print:
<img src="/static/ham%20and%20eggs.jpg">
Octavian
More information about the Catalyst
mailing list