[hunchentoot-devel] url-encode doesn't encode apostrophes
Edi Weitz
edi at agharta.de
Sat Dec 22 03:03:53 UTC 2007
On Fri, 21 Dec 2007 13:57:15 -0700, Robert Uhl <eadmund42 at gmail.com> wrote:
> I'm using url-encode to encode strings that I use for keys (see
> e.g. <http://octopodial-chrome.com/tasting-notes/beer/Fuller%26rsquo%3Bs/2000%20Vintage%20Ale>;
> the brewer and beer name strings are both Unicode/HTML and contain
> characters meaningful in a URL). While running my pages through the
> w3c validator, I discovered that url-encode doesn't encode
> apostrophes ('), so now I run my strings through
> (cl-who:encode-string (hunchentoot:url-encode string)); is this the
> appropriate way to do things?
>
> It might be: url-encode turns a string into a string suitable for a
> URL and encode-string turns a string into a string suitable for an
> HTML attribute value. Still, it seems a bit...complex.
It seems complex, but it is the right way to do it. FWIW, the CL-WHO
function is called ESCAPE-STRING, not ENCODE-STRING, and that shows
its intent more clearly.
As you said, you URL-encode the string to make it suitable for a URL.
You might want to use the result for a header value in an HTTP reply,
or as a URL you're giving to a client like Drakma. That's fine. But
if you want to put the URL-encoded string into an HTML page, then the
HTML rules apply, and you might have to escape the string in order not
to create conflicts. That's life... :)
Still, I'm surprised to see parts like "r%26rsquo%3Bs" in your example
URL. With recent Hunchentoot and CL-WHO I get this:
CL-USER 4 > (hunchentoot:url-encode "Fuller's")
"Fuller's"
CL-USER 5 > (cl-who:escape-string *)
"Fuller's"
And if I put a link like
<a href="http://weitz.de/foo?a=Fuller's">click me</a>
into an HTML file, then Firefox will go to
http://weitz.de/foo?a=Fuller's
if I click the link. Your example almost looks as if you have it the
other way around.
Edi.
More information about the Tbnl-devel
mailing list