From: Michael S. <so...@if...> - 2009-06-04 23:38:06
|
John - the XML entities aren't supposed to be decoded when found in URLs: the format of URLs is governed by the HTTP standard, in which characters may be encoded using hexadecimal such as %26 for & (also + for space, oddly). XML entities are only recognized in the context of an XML document. So: exist is doing the right thing in the case you describe. -Mike > -----Original Message----- > From: John Craft [mailto:jc...@jo...] > Sent: Thursday, June 04, 2009 6:21 PM > To: Exi...@li... > Subject: [Exist-open] Ampersand Entities in Query String > Causing Problems > > All- > > I know this has been discussed before, but I think I have run > across a bug in the way eXist handles entitized ampersands in > query strings. For example, if I make the following standard > request, everything works > fine: > > http://localhost:8080/exist/xquery/QuerystringTest.xqy?1=a&2=b&3=c > > However, when the ampersands are converted to entities (see > URL below), a simple XQuery won't read in the parameters correctly. > > http://localhost:8080/exist/xquery/QuerystringTest.xqy?1=a& ;2=b&3 > =c > > With the URL above, eXist treats the first "&" character as a > delimiter and thinks the second parameter is "amp;2" when it > should just be "2" > ("amp;3" as the third parameter, etc). I tested this with > the following below. If you use entities for ampersands and > execute the XQuery, you'll see the incorrect parameter names. > > xquery version "1.0"; > > declare namespace request = "http://exist-db.org/xquery/request"; > > declare option exist:serialize "method=xhtml indent=yes > omit-xml-declaration=yes > doctype-public=-//W3C//DTD HTML 4.01//EN > doctype-system=http://www.w3.org/TR/html4/strict.dtd"; > > <html> > <head> > <meta http-equiv="Content-Type" content="text/html; > charset=UTF-8"/> </head> <body> <ul> { > for $param in request:get-parameter-names() > return > <li>{$param}</li> > } > </ul> > </body> > </html> > > I also did a simple test using the admin section of eXist. > For example, if you browse a collection through the web > interface and change the ampersand in the query string to an > entity, the admin page won't find the right collection: > > http://localhost:8080/exist/admin/admin.xql?panel=browse&c ollection= > /db/books > > When I make the request above, the admin page lists the > contents of the "/db" collection rather than "/db/books". > The behavior makes sense given the code on line 21 of browse.xqm: > > let $colName := request:get-parameter("collection", "/db") return ... > > Clearly, eXist isn't finding the collection "/db/books" > because it thinks the second query string parameter is > "amp;collection" instead of "collection". > > I have tested this in IE8 and FireFox 3 and against eXist versions > 1.3.0.8806 and 1.2.4.8072. > > If I have missed something obvious or if there is a > workaround, please let me know. Could this possibly be an > issue with Jetty? > > Thanks. > > John Craft > > > > -------------------------------------------------------------- > ---------------- > OpenSolaris 2009.06 is a cutting edge operating system for > enterprises looking to deploy the next generation of Solaris > that includes the latest innovations from Sun and the > OpenSource community. Download a copy and enjoy capabilities > such as Networking, Storage and Virtualization. > Go to: http://p.sf.net/sfu/opensolaris-get > _______________________________________________ > Exist-open mailing list > Exi...@li... > https://lists.sourceforge.net/lists/listinfo/exist-open > |