safeURL should not substitute value by empty string

Milo

When I was writing app on Windows, I passed a full file path like `D:\Web\application' by

<a href='?path={$path}'>

and it was dropped by safeURL, so result was

<a href='?path='>

I don't want to argue, if windows paths should be allowed by safeURL, or not (maybe yes, maybe not). I want to discuss about empty value.

At first moment I was confused where the path dissapeared, and I was searching why is $path empty? I think, it would be more friendly result to be:

<a href='?path=error:Sanitized by safeURL helper'>

This navigates newbies to find the topic on forum.

What do you think?

Last edited by Milo (2014-01-05 22:20)

David Grudl

I think the problem is that safeUrl should be called only when there are no characters before variable.

Milo

@David Grudl True. error: can be in debug mode only. When the link just disappears is really confusing.

Eda

Agree. A few day ago I spent some time on finding similar mistake.
Some kind of warning instead of empty string would be nice.

David Grudl

Btw, <a href='?path={$path}'> is wrong, you should use <a href='?path={$path|url}'> and it will work.

Milo

Oh, that's true!