From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <35d3276d14af60b0ed55291221a7e197@quanstro.net> Date: Sat, 8 Jul 2006 08:32:34 -0500 From: quanstro@quanstro.net To: 9fans@cse.psu.edu Subject: Re: Abaco (was Re: [9fans] smacme) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Topicbox-Message-UUID: 782d68d6-ead1-11e9-9d60-3106f5b1d025 On Sat Jul 8 08:32:32 CDT 2006, benavento@gmail.com wrote: > > the offending url is: > >=20 > > //adlog.com.com/adlog/i/r=3D7261&s=3D670913&x-fid=3D27&t=3D2006.07.08= .12.32.41&o=3D1:&h=3Dcn&p=3D2&b=3D5&l=3Den_US&site=3D3&pt=3D2001&nd=3D1=CF= =80d=3D&cid=3D0&pp=3D100&rqid=3D00c17-ad-e444AE8131A6EF99/http://i.i.com.= com/cnwk.1d/Ads/common/dotclear.gif > >=20 >=20 > did you apply the change? what change? > according to russ href's cannot contain '&' they should have "&" in= stead, > but this is not the rule out there. libhtml code sees '&' and doesn't w= ait for the ';' > so "&sp" becomes ' ', with my change "&sp" is still "&sp", but "&sp;" g= ets translated > into ' '. >=20 hrefs *MAY* contain &. & is the argument sepertaor for cgi scripts. if = you have an "&" in an argument, you need to url-escape it -- that is a much differ= ent escaping mechanism than for html. for example "&" would be encoded as "%26". it is curious that they are not using a ? to seperate the base url from t= he arguments. i used curl on my linux machine to inspect the text sent from the news.co= m.com server. the url really does have a =CF=80 in it. try it out. also, html entities like &sp; or π should never be interpreted within urls. - erik