[Zope] conformance to W3C Recommendations and other standards
Jamie Heilman
jamie@audible.transient.net
Sat, 21 Dec 2002 13:50:43 -0800
danielle.d-avout wrote:
>
> sorry, I knew I could irritate and I hate insisting but I had the feeling
> that I had to it to be read again
No, its fine (imo) that you reposted your complaint, its that you didn't
clean out the In-Reply-To or References headers when you started this
discussion off the WAI Complient Code thread. That breaks threading.
> I could n't find any origin_url in my local Zope Instance
> but in http://www.zope.org/feedback_site_form/view_source
> I could see
> <input type="hidden" name="origin_url" value="&dtml-origin_url;" />
Actually this is correct and will generate valid html. (atleast in 2.6)
I located the problem, see below.
> url = '%s?came_from=%s&retry=%s' % (
> page.absolute_url(), quote(came_from), retry)
>
> in CMFCore/CookieCrumbler.py could it be an example?
This in and of itself is fine... its just going to return a URI, its
up to the author who uses that URI in the context of an attribute
value to do the correct escaping (in DTML anyway, TAL can be a bit
more intelligent).
The actual problem is visible in
http://www.zope.org/standard_html_footer/view_source if you look
closely. The author wrote:
<A HREF="&dtml-BASE1;/feedback_site_form?whats_up=<dtml-var title_or_id url_quote>&origin_url=&dtml-absolute_url;">Feedback about Zope.org</A>
The bare & before origin_url is hardcoded. This isn't Zope's fault.
--
Jamie Heilman http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
-Frank Zappa