[Opa] Another UriParser issue

Owen Gunden ogunden at phauna.org
Fri Jan 27 03:20:20 UTC 2012


Amazon referal links, e.g.

http://www.amazon.com/gp/product/B000EVLS2O/ref=as_li_ss_tl?ie=UTF8&tag=phaunaorg-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=B000EVLS2O

do not parse, because of the '=' sign within the path elements
(ref=as_li_ss_tl is not part of the query string, it's part of the
path).

Because this doesn't parse, if I go to serve it in an href, the href
comes up as "javascript:void(0)/*Sanitized URI*/". It's going to be
hard to make any money like this :).

I believe this code (from core/uri.opa) is involved:

  /**
   * Decide whether a string represents a well-formed and secure URI.
   *
   * @param s A string
   * @return true if the string represents a valid [http], [https],
[ftp] or [mailto] URI.
   */
  // FIXME, secure? in what sense secure?
  is_secure(s:string) =
     match of_string(s) with
        | {none} -> false
        | _      -> true

Maybe time to revisit that FIXME?

In the meantime, perhaps I can work around this with some kind of raw
xhtml injections..

On Thu, Jan 26, 2012 at 5:41 PM, Owen Gunden <ogunden at phauna.org> wrote:
> This parses:
>
> http://www.foo.com/foo/bar?baz=quux
>
> But this does not:
>
> http://www.foo.com/foo/bar?baz
>
> Per the rfc, there's no requirement that the query string be in
> key/value format: http://tools.ietf.org/html/rfc3986#section-3.4
>
>
> You're going to ask for a patch, right?
>
> Patching this seems like it requires a type change through to the
> interface so I'm not sure how badly you want that change. Right now we
> have:
>
>                 ; query : list((string,string))
>
> which I would replace with
>
>                ; query : query
>
> and
>
>  type query = { empty } / { key_value_pairs:list((string,string)) } /
> { plain:string }


More information about the Opa mailing list