On Mar 4, 12:29 pm, Malcolm Tredinnick <malc...@pointy-stick.com>
wrote:
> On Tue, 2009-03-03 at 17:09 -0800, Rob Hudson wrote:
> > At work we wanted to set up some quick clickthru tracking. I whipped
> > up a quick solution that seemed to work on my local machine. The
> > solution was to use jQuery to look for anchor tags who's href started
> > with "http://"; as a signifier of external links, and add a click event
> > to them to direct them back to our server first. Then catch that with
> > a view that logged it and redirected it back out.
>
> > I liked this solution because:
> > 1) The user still sees where the link is going in the status bar on
> > hover.
>
> So you lie to them in other words. You're engaging in something that
> could arguably be called phishing at that point. :-)
>
> Bad habit to get into, I feel. But it's your call.
>
>
>
> > Somewhere along the way the URLs are losing a "/" and the original URL
> > of "http://www.google.com"; gets munged into "http:/www.google.com",
> > which is resulting in a 404 on our site.
>
> [...]
>
> > Throwing an assert in my view shows that the url already has lost one
> > slash.
>
> The web server might be collapsing the slashes together. I can't
> remember whether this is permissible or not, but it might be what's
> happening. So you'd be sending
>
> clickthru/http://foo/bar
>
> and receiving
>
> clickthru/http:/foo/bar
>
> which, if it were a filesystem, would be equivalent. Again, I can't
> remember (or have the time to check all the details right now), whether
> the URI spec permits this kind of transformation, but I suspect not.
>
> Try using a different escaping function that also replaces slashes. E.g.
> replace slashes with _@ and "_" with "__", so it's reversible. That
> should then transmit through cleanly.
Apache will collapse the adjacent slashes.
In short, if wanting slashes to be significant in trailing path info,
you must encode them using a custom encoding mechanism.
I think the discussion on web-sig about this is:
http://groups.google.com/group/python-web-sig/browse_frm/thread/2003e1c1ecce27b2
Graham
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
