[Catalyst] Re: Escaping of "argument" of private path
John M. Dlugosz
wxju46gefd at snkmail.com
Wed Mar 16 01:41:34 GMT 2011
On 3/15/2011 6:03 AM, Aristotle Pagaltzis pagaltzis-at-gmx.de |Catalyst/Allow to home| wrote:
> * John M. Dlugosz<wxju46gefd at snkmail.com> [2011-03-15 08:10]:
>> <img src="[% c.uri_for("/static/gallery",rec.dirname,rec.filename) %]" alt="photo" />
>> That works (using Smart_URI settings to leave off the host).
>> But it did not escape out the '&' in the filename! Is that
>> a bug?
> No. It’s exactly the right answer: ` ` → `%20` is URI escaping
> (which `uri_for` does, as it should), `&` → `&` is HTML
> escaping (which `uri_for` has nothing to do with). You want
> <img src="[% c.uri_for("/static/gallery",rec.dirname,rec.filename) | html %]" alt="photo" />
Catalyst's "uri' encoding is == TT's "url" encoding, and different from TT's "uri" encoding.
That is, escaping all reserved characters vs escaping (only) illegal characters.
More information about the Catalyst