[javascript] asURL now escapes request arguments stable
authorAdrien Di Mascio <Adrien.DiMascio@logilab.fr>
Thu, 22 Oct 2009 09:30:10 +0200 (2009-10-22)
branchstable
changeset 3781 c7ef58db0e4b
parent 3780 4ff37d54aae1
child 3782 c69fe7493b91
[javascript] asURL now escapes request arguments I can't see no good reason for not escaping parameters. The two main locations where asURL is used are : - edition view: here, the change should have no effect - facets: escaping is clearly needed in that case
web/data/cubicweb.htmlhelpers.js
--- a/web/data/cubicweb.htmlhelpers.js	Wed Oct 21 19:32:53 2009 +0200
+++ b/web/data/cubicweb.htmlhelpers.js	Thu Oct 22 09:30:10 2009 +0200
@@ -42,11 +42,11 @@
 }
 
 /* builds an url from an object (used as a dictionnary)
- * Notable difference with MochiKit's queryString: asURL does not
- * *url_quote* each value found in the dictionnary
  *
  * >>> asURL({'rql' : "RQL", 'x': [1, 2], 'itemvid' : "oneline"})
  * rql=RQL&vid=list&itemvid=oneline&x=1&x=2
+ * >>> asURL({'rql' : "a&b", 'x': [1, 2], 'itemvid' : "oneline"})
+ * rql=a%26b&x=1&x=2&itemvid=oneline
  */
 function asURL(props) {
     var chunks = [];
@@ -55,10 +55,10 @@
 	// generate a list of couple key=value if key is multivalued
 	if (isArrayLike(value)) {
 	    for (var i=0; i<value.length;i++) {
-		chunks.push(key + '=' + value[i]);
+		chunks.push(key + '=' + urlEncode(value[i]));
 	    }
 	} else {
-	    chunks.push(key + '=' + value);
+	    chunks.push(key + '=' + urlEncode(value));
 	}
     }
     return chunks.join('&');