All amped up

May 20, 2008

I am still recovering from the 26th installment of the local festival "Day of the Life Song". Ten hours of drinking and singing, so blogging comes kind of natural at this time. :-)


For lovers of the Day of the Life Song, a photo that I saw on some CTO's feed:

Der Keyboard Superstar live in action!


Off topic: terrible translation "life song" for "levenslied". I tried "tear jerker" but that is not making it any better. Suggestions for good translations are welcome.


In the last few weeks the ampersand (the character '&') has been trying to catch my attention. As you may know, the page you are looking at is defined in HTML. In HTML, the '&' is the escape character that introduces HTML entities, much like the backslash (\) in Java strings or the single quote (') in SQL strings. Whenever you encounter special characters in HTML, you are supposed to escape them to their entities. If you don't, Bad Things (tm) might happen (and in fact they do when exporting XML output for RSS readers)!


Below are some escaping examples:

String test = "Look mom, a backslash (\\)"; // Java
SELECT 'Look mom, a single quote ('')' -- SQL
<b>Look mom, an ampersand (&amp;)</b> <!-- HTML -->

So far, so good!

Enter the content. In particular: URLs. Below are a few examples taken from this site:


http://www.gxdeveloperweb.com/Blogs.htm
http://www.gxdeveloperweb.com/Forums/Forum-WCB-Java-Development.htm?fc=4-160&forum=4&message=160

As you can see, the latter URL contains ampersands. While a URL does not need to be escaped in the address bar of your browser, it does need to be escaped in the HTML source code that builds a link for you. The source for that last URL should read:

<a href="/Forums/Forum-WCB-Java-Development.htm?fc=4-160&amp;forum=4&amp;message=160">link</a>

Which it actually does! I must confess I am amazed, because not many people are true escape artists. This is fuelled by browsers that allow you to be sloppy.

Yay! GX WebManager correctly escapes internal links! External links it does not touch, though. You will have to escape those ampersands manually.


Not everything shines, though. The HTML validator still detects plenty of unescaped ampersands in the HTML source of this website, probably the result of mistakes in the design JSP files. Which only goes to illustrate that it is good to check, check, and double-check again!
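The kind of check a validator performs, sketched as an added example (not code from this blog or from GX WebManager): `escapeAttr` produces the escaped `href` form shown above, and `findBareAmpersands` reports every ampersand that does not start an entity. The function names and the sample markup are constructed for illustration, and CDATA sections are skipped on the assumption that the page is treated as XHTML.

```javascript
// Added example; function names and sample markup are constructed.

// Escape text for a double-quoted HTML attribute value such as href="...".
function escapeAttr(value) {
  return value
    .replace(/&/g, "&amp;") // first, so later entities are not double-escaped
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// A well-formed reference: named (&amp;), decimal (&#38;) or hex (&#x26;).
const ENTITY = /^&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);/;

// Report each ampersand that does not start an entity, with line and column.
function findBareAmpersands(html) {
  // Assumed XHTML rule: text inside CDATA is literal, so blank it out
  // (keeping newlines so reported line numbers stay correct).
  const masked = html.replace(/<!\[CDATA\[[\s\S]*?\]\]>/g,
    (m) => m.replace(/[^\n]/g, " "));
  const findings = [];
  masked.split("\n").forEach((line, i) => {
    for (let col = line.indexOf("&"); col !== -1; col = line.indexOf("&", col + 1)) {
      if (!ENTITY.test(line.slice(col))) {
        findings.push({ line: i + 1, column: col + 1, text: line.slice(col, col + 12) });
      }
    }
  });
  return findings;
}

// Constructed sample: one escaped internal link, one unescaped external
// link, plain text with a bare ampersand, and a CDATA-wrapped script.
const sample = [
  '<a href="/Forums/Forum-WCB-Java-Development.htm?fc=4-160&amp;forum=4&amp;message=160">ok</a>',
  '<a href="http://example.org/search?a=b&c=d">external</a>',
  "<p>Q&A, &#38; and R&amp;D</p>",
  "<script>/* <![CDATA[ */ if (a && b) {} /* ]]> */</script>",
].join("\n");

for (const f of findBareAmpersands(sample)) {
  console.log(`line ${f.line}, column ${f.column}: ${f.text}`);
}
```

Running the escaper over a URL before it is written into an attribute, and the scanner over the rendered output, catches both the hand-written external links and the template mistakes mentioned above.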

Keep an eye out for them ampersands... Till next time!


Greetings,


Patrick



markvc | 20-05-2008 18:41

Hi Patrick,

This is also due to a bug in WebManager, check out link attributes are not properly escaped. In general, when you write XHTML, your file must also be valid XML and therefore any ampersand you see on a page is the start of an entity. Not only in links, but also in plain text!

Gr,
Mark


 
simon | 21-05-2008 09:38

...and in Javascript code too. That also counts for the less-than and greater-than signs. See http://javascript.about.com/library/blxhtml.htm for the details and best way of handling this.

cheers,

--
Simon



patricka | 21-05-2008 12:15

@Mark:

Aw, that issue GXWM-4202 is probably about external links? I notice that when it comes to INPUT tags, escaping gets much sloppier. As far as I noticed, escaping to entities works just fine for normal elements (probably due to output-escaping in JSP?).

@simon

I challenge you to put

<script type="text/javascript">
/* <![CDATA[ */
// Let's be mean!
/* ]]> */
</script>



on your page and have personalization still working! Don't the two collide? Personalization also depends on the CDATA tag, so I'd expect it to go awry.

And furthermore, how to handle javascript links outside the SCRIPT tags? E.g.:

<a href="#" onclick="window.open('http://www.gxdeveloperweb.com?a=b&amp;c=d')">test</a>



Greetings,

Patrick



mvberkum | 24-05-2008 21:52

Off topic, but I strongly deny any involvement with that picture in this blog, or even suggesting that I would be attending such a ridiculous and immature festival! Any resemblance to people looking like me there is pure coincidence. I do have proof though that you, Patrick, were there!


About the Author


Patrick Atoon

Patrick Atoon has gained nuff respect as one of the most experienced web architects in the GX Webmanager community or even the global hip hop community for that matter.

© 2008 GX creative online development B.V.
