Comments (5)
Now updated. Thanks for bringing it to my attention.
from template2.
The regexp reported by mar-kolya for RFC 3986 is incorrect. Double quotes are not part of the regexp and must still be escaped, see:
http://tools.ietf.org/html/rfc3986#section-2.3
http://search.cpan.org/~gaas/URI/URI/Escape.pm
my %Unsafe = (
    # the hyphen is backslash-escaped so it is a literal, not a range
    RFC2732 => qr/[^A-Za-z0-9\-_.!~*'()]/,
    RFC3986 => qr/[^A-Za-z0-9\-\._~]/,
);
Please fix that (and this would be a huge regression anyway as <a href="http://www.foo.com/id=[% foo FILTER uri %]&name=[% bar FILTER uri %]" would be broken if one of the variables contains a double quote in its value as it would prematurely close the URL).
Looks like I cannot reopen this bug... :(
from template2.
Also note that the regexps from my previous comment are mangled by github as it removed backslashes and underscores. So make sure to not copy and paste from here.
from template2.
LpSolit, you are absolutely correct, you may want to open a new issue for that.
In my original comment I've just copy-pasted a bug from rt.cpan.org without complete verification. And the bug on rt.cpan.org was created before URI::Escape had that quote removed. My apologies for not verifying that bug report against the RFC.
from template2.
I filed issue #35 about the regression.
from template2.
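The quoting problem raised in the comments above, as an added example that is not part of the original thread or of Template Toolkit's code: it escapes the same values with three "unsafe" character classes and checks whether a raw double quote survives into the `href` value. The two RFC classes follow URI::Escape; the `QUOTE_SAFE` class, the helper names `escape_with` and `render_link`, and the sample values are constructed for illustration.

```perl
use strict;
use warnings;

# "Unsafe" classes: any character matching the class gets percent-encoded.
my %unsafe = (
    RFC2732    => qr/[^A-Za-z0-9\-_.!~*'()]/,   # as in URI::Escape
    RFC3986    => qr/[^A-Za-z0-9\-\._~]/,       # as in URI::Escape
    QUOTE_SAFE => qr/[^A-Za-z0-9\-\._~"]/,      # constructed: wrongly lets '"' through
);

# Percent-encode every byte of $text that matches the unsafe class.
sub escape_with {
    my ($text, $class) = @_;
    utf8::encode($text) if utf8::is_utf8($text);    # operate on UTF-8 bytes
    $text =~ s/($class)/sprintf('%%%02X', ord $1)/ge;
    return $text;
}

# Build the href value from the thread and check whether a raw double quote
# survives, which would end the attribute before the URL does.
sub render_link {
    my ($class, $foo, $bar) = @_;
    my $url = 'http://www.foo.com/id=' . escape_with($foo, $class)
            . '&name=' . escape_with($bar, $class);
    my $verdict = $url =~ /"/ ? 'BROKEN' : 'ok';
    return ($url, $verdict);
}

# Constructed sample values; the second one contains double quotes.
my ($foo, $bar) = ('42', 'say "hello"');

for my $name (sort keys %unsafe) {
    my ($url, $verdict) = render_link($unsafe{$name}, $foo, $bar);
    printf "%-10s %-6s <a href=\"%s\">\n", $name, $verdict, $url;
}
```

The same `render_link` check works as a regression test for any change to a URI filter's character class: feed it a value containing `"` and fail the test when the verdict is not `ok`.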