
Incorrect escaping by c:url

 
Rick DeBay
Ranch Hand
Posts: 70
<a href="<c:url value="sitenav">
<c:param name="dest" value="category"/>
<c:param name="catID" value="${subCat.ID}"/>
</c:url>">
is writing
<a href="sitenav?dest=category&catID=105">
which is incorrect, the & should be escaped as &amp;
How can this be corrected?
 
Frank Carver
Sheriff
Posts: 6920
In the case you quote, I don't think the "&" should be escaped, it is a legitimate parameter separator generated by the tag. Why do you think it should be escaped?
 
Rick DeBay
Ranch Hand
Posts: 70
It should be escaped as &amp because & is defined to begin an entity. It's incorrect HTML, but most browsers recover from it. A good explanation is at http://www.htmlhelp.com/tools/validator/problems.html#amp titled "Ampersand's in URLs."
 
Rick DeBay
Ranch Hand
Posts: 70
The W3 spec is at B.2.2 Ampersands in URI attribute values.
There is already a bug filed against JSTL: <c:url> generates incorrect encoding.
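
One way to get a correctly escaped attribute, as an added example that is not part of any post in this thread: store the `<c:url>` result in a variable with `var`, then write it through `<c:out>`, which XML-escapes by default. The variable name `categoryUrl`, the link text and the JSTL 1.1+ taglib URI are assumptions.

```jsp
<%-- Added example, not code from the thread. --%>
<%-- JSTL 1.1+ core URI (assumption); JSTL 1.0 uses http://java.sun.com/jstl/core --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>

<%-- Layer 1: URL encoding. With var set, c:url writes nothing to the page;
     it stores the rewritten URL in the page-scoped variable categoryUrl
     (hypothetical name). c:param URL-encodes each name and value. --%>
<c:url var="categoryUrl" value="sitenav">
  <c:param name="dest" value="category"/>
  <c:param name="catID" value="${subCat.ID}"/>
</c:url>

<%-- Layer 2: HTML escaping. c:out defaults to escapeXml="true", so the raw
     & separator in categoryUrl is written into the attribute as &amp; --%>
<a href="<c:out value="${categoryUrl}"/>">Category</a>
```

The two layers are independent: `<c:param>` protects the query string, while `<c:out>` protects the HTML attribute the URL is written into.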
 