Skip Menu |
 

This queue is for tickets about the CGI.pm CPAN distribution.

Report information
The Basics
Id: 2130
Status: resolved
Priority: 0/
Queue: CGI.pm

People
Owner: LDS [...] cpan.org
Requestors: m_to-pause-LDS-re-CGI [...] wickline.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: 2.91
Fixed in: (no value)

Attachments


Subject: documentation suggestion with patch
Download (untitled) / with headers
text/plain 261b
This caught us by suprise. Maybe with a mention in the docs a few folks will be forewarned, but more likley most CGI.pm users haven't looked at the docs for a while :) ...at least this will give something for the search engines to index on the matter. -matt
Download diff-Bub.txt
text/plain 2.2k
--- CGI.pm Thu Feb 20 12:30:50 2003 +++ revisedCGI.pm Thu Feb 20 12:59:43 2003 @@ -4329,6 +4329,52 @@ This became the default in version 2.64. +This default works quite well in 99% of the cases. Semicolon-delimited +query strings work fine in URLs used in HTTP redirect responses, and +in all places you would use an URL in HTML... for most browsers. The +one exception is that semicolon-delimited query strings may pose a +problem in META refresh tags in HTML when those tags are received by +MicroSoft Internet Explorer version 6.0. This bug was observed in +MSIE v6.0.2600.0000CO running on Windows 2000, and may exist in other +versions of MSIE as well. + +A META refresh tag has roughly this form: + + <!-- redirect this many seconds '10' after page loads --> + <META HTTP-EQUIV=Refresh CONTENT="10; URL=http://example.com/"> + <!-- redirect to this URL ^^^^^^^^^^^^^^^^^^^ --> + +Savvy browsers should split the value of the CONTENT attribute into +two values on the '; ' delimiter. However, MSIE splits on any ';' +found in the value of the CONTENT attribute, and looks at the first +two values returned. As a result, given this URL + + http://example.com/some.cgi?a=foo;b=bar;c=baz + +Most web browsers will do the right thing. MSIE, however, will send +the user to + + http://example.com/some.cgi?a=foo + +Unless you can guarantee that your users will avoid this browser +(and any other similarly-afflicted browsers), you will want to be +cautious when constructing these refresh tags. If the URL you're +placing in that tag is generated by CGI.pm, you can do something +like the following... + + # code out here using semicolons + my $redirect; + { # temporarily revert to ampersands instead of semicolons: + local $CGI::USE_PARAM_SEMICOLONS = 0; + $redirect = CGI::escapeHTML( CGI::url( -query => 1 ) ); + } # now we're back to semicolons + $redirect = qq{<META HTTP-EQUIV="Refresh" CONTENT="10; URL=$redirect">}; + +Alternatively, you can use old ampersand-style URLs throughout +your script (see directly below). However, the old style URLs +will leave you with more HTML entity encoding to do as raw +ampersands are not valid within HTML. + =item -oldstyle_urls Separate the name=value pairs in CGI parameter query strings with


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.