|
Colin Bean
ccbean at gmail.com
Mon May 14 15:20:24 EDT 2007
On 5/14/07, Roger Binns <rogerb at rogerbinns.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Colin Bean wrote: > > Have you considered base64 encoding the path data you want sent as a > > parameter? Might make your application harder to use, but you could > > send whatever you wanted as a parameter without involving apache's url > > processing rules. > > Yes, that falls under "Have some sort of escape sequence that allows them" Sort of... I'd consider encoding the entire path a different solution to escaping specific problem characters (and you make this distinction below). Base64 encoding would also handle more than just the /./ and /../ problem cases, it would handle any other url-unfriendly characters that appear in your book titles ('#' and foreign language characters come to mind, although you could still escape / url encode those). Anyway, just my $0.02 > > /./ and /../ are going to be the uncommon case so I'll either ban them > outright or think of something that only requires them to be escaped > rather than the whole string which is what base64 does. Unfortunately > the obvious use of \ is taken since is the path separator under Windows > and it gets treated similarly to /. Something like tilde would work > although that now makes two special cases for people have to worry about > (the /../ and tilde). > > Roger > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFGSKspmOOfHg372QQRApYIAKCx8UaUGwwDkJKsqkK8rDNWxmU/KwCgr1T8 > HlEVETadxhw9xITlWrxSys0= > =jWEQ > -----END PGP SIGNATURE----- > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python >
|