safeURL should not substitute value by empty string

Notice: This thread is very old.
Milo
Nette Core | 1283
+
0
-

When I was writing app on Windows, I passed a full file path like `D:\Web\application' by

<a href='?path={$path}'>

and it was dropped by safeURL, so result was

<a href='?path='>

I don't want to argue, if windows paths should be allowed by safeURL, or not (maybe yes, maybe not). I want to discuss about empty value.

At first moment I was confused where the path dissapeared, and I was searching why is $path empty? I think, it would be more friendly result to be:

<a href='?path=error:Sanitized by safeURL helper'>

This navigates newbies to find the topic on forum.

What do you think?

Last edited by Milo (2014-01-05 22:20)

David Grudl
Nette Core | 8205
+
0
-

I think the problem is that safeUrl should be called only when there are no characters before variable.

Milo
Nette Core | 1283
+
0
-

@David Grudl True. error: can be in debug mode only. When the link just disappears is really confusing.

Eda
Backer | 220
+
0
-

Agree. A few day ago I spent some time on finding similar mistake.
Some kind of warning instead of empty string would be nice.

David Grudl
Nette Core | 8205
+
0
-

Btw, <a href='?path={$path}'> is wrong, you should use <a href='?path={$path|url}'> and it will work.

Milo
Nette Core | 1283
+
0
-

Oh, that's true!