safeURL should not substitute value by empty string
Notice: This thread is very old.
- Milo
- Nette Core | 1283
When I was writing app on Windows, I passed a full file path like `D:\Web\application' by
<a href='?path={$path}'>
and it was dropped by safeURL, so result was
<a href='?path='>
I don't want to argue, if windows paths should be allowed by safeURL, or not (maybe yes, maybe not). I want to discuss about empty value.
At first moment I was confused where the path dissapeared, and I was
searching why is $path
empty? I think, it would be more friendly
result to be:
<a href='?path=error:Sanitized by safeURL helper'>
This navigates newbies to find the topic on forum.
What do you think?
Last edited by Milo (2014-01-05 22:20)
- David Grudl
- Nette Core | 8205
I think the problem is that safeUrl should be called only when there are no characters before variable.
- David Grudl
- Nette Core | 8205
Btw, <a href='?path={$path}'>
is wrong, you should use
<a href='?path={$path|url}'>
and it will work.