On Wed, May 14, 2003 at 08:55:05PM +0200, Dieter Maurer wrote:
Avoid non-trivial relative URL references.
A trivial URL reference is one not containing a "/". They are harmless.
I'm afraid it's not that simple. You can see this with the following experiment: 1. Create a folder, "A". Check the "create public interface" option. 2. Go inside A. Create a folder, "B". Check the "create public interface" option. 3. Edit A/index_html. Add this line at the bottom of the body: <a href="B"> make the URL grow! </a> 4. Edit A/B/index_html. Add this line at the bottom of the body: <a href="A"> make the URL grow! </a> We now have created two pages which contain what you call a "trivial URL reference". 5. Go to folder A and click the "View" tab - to best show what follows, open it in a new browser window or tab. 6. now click the link repeatedly. five clicks later, I'm at http://my-zope-site:8080/A/B/A/B/A/B This can be prevented by replacing the link URLs with absolute URLs. For flexibility, that's best done by getting the object and calling its absolute_url method. In CMF sites, i've found that relative links from one bit of content to another are not a problem in practice, but relative links in the framework (skins) are a big problem and should be avoided. -- Paul Winkler home: http://www.slinkp.com "Muppet Labs, where the future is made - today!"