[Catalyst] Re: Escaping of "argument" of private path

Wed Mar 16 01:41:34 GMT 2011

On 3/15/2011 6:03 AM, Aristotle Pagaltzis pagaltzis-at-gmx.de |Catalyst/Allow to home| wrote:
> * John M. Dlugosz<wxju46gefd at snkmail.com>  [2011-03-15 08:10]:
>> <img src="[% c.uri_for("/static/gallery",rec.dirname,rec.filename) %]" alt="photo" />
>>
>> That works (using Smart_URI settings to leave off the host).
>> But it did not escape out the '&' in the filename! Is that
>> a bug?
> No. It’s exactly the right answer: ` ` → `%20` is URI escaping
> (which `uri_for` does, as it should), `&` → `&amp;` is HTML
> escaping (which `uri_for` has nothing to do with). You want
>
>      <img src="[% c.uri_for("/static/gallery",rec.dirname,rec.filename) | html %]" alt="photo" />
>
> Regards,
Catalyst's "uri' encoding is == TT's "url" encoding, and different from TT's "uri" encoding.

That is, escaping all reserved characters vs escaping (only) illegal characters.