danielle.d-avout wrote:
sorry, I knew I could irritate and I hate insisting but I had the feeling that I had to it to be read again
No, its fine (imo) that you reposted your complaint, its that you didn't clean out the In-Reply-To or References headers when you started this discussion off the WAI Complient Code thread. That breaks threading.
I could n't find any origin_url in my local Zope Instance but in http://www.zope.org/feedback_site_form/view_source I could see <input type="hidden" name="origin_url" value="&dtml-origin_url;" />
Actually this is correct and will generate valid html. (atleast in 2.6) I located the problem, see below.
url = '%s?came_from=%s&retry=%s' % ( page.absolute_url(), quote(came_from), retry)
in CMFCore/CookieCrumbler.py could it be an example?
This in and of itself is fine... its just going to return a URI, its up to the author who uses that URI in the context of an attribute value to do the correct escaping (in DTML anyway, TAL can be a bit more intelligent). The actual problem is visible in http://www.zope.org/standard_html_footer/view_source if you look closely. The author wrote: <A HREF="&dtml-BASE1;/feedback_site_form?whats_up=<dtml-var title_or_id url_quote>&origin_url=&dtml-absolute_url;">Feedback about Zope.org</A> The bare & before origin_url is hardcoded. This isn't Zope's fault. -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa