Re: URI.escape - is it needed for wunderbar code?

Sam Ruby Sat, 26 Sep 2020 10:37:43 -0700

On Sat, Sep 26, 2020 at 12:22 PM sebb <seb...@gmail.com> wrote:
>
> On Sat, 26 Sep 2020 at 16:37, Sam Ruby <ru...@intertwingly.net> wrote:
> >
> > On Sat, Sep 26, 2020 at 10:55 AM sebb <seb...@gmail.com> wrote:
> > >
> > > The URI.escape method is deprecated, and should be replaced.
> > >
> > > However, I'm not sure it's actually needed for Wunderbar code.
> > >
> > > For example, posted-reports.json.rb has
> > >
> > > _link THREAD + URI.escape('<' + mail.message_id + '>')
> > >
> > > However surely Wunderbar _json handles any necessary escaping?
> > >
> > > And posted-reports.cgi has:
> > > href = THREAD + URI.escape('<' + mail.message_id + '>')
> > > ...
> > > _a mail.subject, href: href
> > >
> > > Again, I would expect Wunderbar to do the necessary.
> >
> > Wunderbar would need a way to know if the href was already escaped.
>
> I've just checked, and it does do some escaping:
>
> $ ruby  -rwunderbar -e'_html {x="<a@b.c>"; y="&"; _h3 x ; _a  y, href: x  }'
>
> gives the following body:
>
>     <h3>&lt;a@b.c&gt;</h3>
>     <a href="&lt;a@b.c&gt;">&amp;</a>
>
> This suggests that Wunderbar expects unescaped input?


Currently, wunderbar does indeed do HTML escaping (consistently, for
all text and attribute content), but it doesn't do URL escaping.

What would you expect the following to return?

% ruby -r wunderbar -e '_html {x="http://example.com?q=foo%20bar";; _a
x, href: x}'

- Sam Ruby

Re: URI.escape - is it needed for wunderbar code?

Reply via email to