Bug in URI ?!
dom at happygiraffe.net
Wed Aug 16 08:44:47 BST 2006
David Dorward wrote:
> Paul Makepeace wrote:
>> URI::_query::query_form() which makes query strings:
>> $self->query(@query ? join('&', @query) : undef);
>> Now as anyone in web standards knows, that ought to be '&'.
> Only if the URI is being written in HTML. Since, to judge from the
> module name, it is just a URL there shouldn't be any markup language
> specific encoding going on. Once you have the URI you should run it
> though a suitable encoding method before using it in markup though.
Once again, this highlights how poor our tools our... If templating
systems did HTML escaping by default, this wouldn't be an issue (i.e.
having to remember to html encode all strings that could possibly
contain user input). When will our frameworks grow up?
More information about the london.pm