[Opa] Another UriParser issue
Owen Gunden
ogunden at phauna.org
Fri Jan 27 03:20:20 UTC 2012
Amazon referal links, e.g.
http://www.amazon.com/gp/product/B000EVLS2O/ref=as_li_ss_tl?ie=UTF8&tag=phaunaorg-20&linkCode=as2&camp=1789&creative=390957&creativeASIN=B000EVLS2O
do not parse, because of the '=' sign within the path elements
(ref=as_li_ss_tl is not part of the query string, it's part of the
path).
Because this doesn't parse, if I go to serve it in an href, the href
comes up as "javascript:void(0)/*Sanitized URI*/". It's going to be
hard to make any money like this :).
I believe this code (from core/uri.opa) is involved:
/**
* Decide whether a string represents a well-formed and secure URI.
*
* @param s A string
* @return true if the string represents a valid [http], [https],
[ftp] or [mailto] URI.
*/
// FIXME, secure? in what sense secure?
is_secure(s:string) =
match of_string(s) with
| {none} -> false
| _ -> true
Maybe time to revisit that FIXME?
In the meantime, perhaps I can work around this with some kind of raw
xhtml injections..
On Thu, Jan 26, 2012 at 5:41 PM, Owen Gunden <ogunden at phauna.org> wrote:
> This parses:
>
> http://www.foo.com/foo/bar?baz=quux
>
> But this does not:
>
> http://www.foo.com/foo/bar?baz
>
> Per the rfc, there's no requirement that the query string be in
> key/value format: http://tools.ietf.org/html/rfc3986#section-3.4
>
>
> You're going to ask for a patch, right?
>
> Patching this seems like it requires a type change through to the
> interface so I'm not sure how badly you want that change. Right now we
> have:
>
> ; query : list((string,string))
>
> which I would replace with
>
> ; query : query
>
> and
>
> type query = { empty } / { key_value_pairs:list((string,string)) } /
> { plain:string }
More information about the Opa
mailing list