This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 2669 - URL encoding in JavaScript/PHP
Summary: URL encoding in JavaScript/PHP
Alias: None
Product: Validator
Classification: Unclassified
Component: Parser (show other bugs)
Version: HEAD
Hardware: PC Windows 2000
: P2 normal
Target Milestone: ---
Assignee: Terje Bless
QA Contact: qa-dev tracking
Depends on:
Reported: 2006-01-06 14:44 UTC by Willem
Modified: 2006-01-06 15:38 UTC (History)
0 users

See Also:


Description Willem 2006-01-06 14:44:40 UTC

the following has kept me busy for some time. While validating pages I've
noticed a problem with URLs in JavaScript. I'm supposed to encode all & into
&amp; in a page and in <A> tags. The validator requires me to encode strings in
JavaScript also. But this will cause trouble for PHP script.

I've created a sample (/simple) page that demonstrates the issue:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html xmlns="">
<meta http-equiv="Content-Language" content="en" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Validator test</title>
<script language="JavaScript" type="text/javascript">
function openLink() {
window.location.href = '<?php echo $_SERVER['SCRIPT_NAME']; ?>?a=1&amp;b=2';
<a href="<?php echo $_SERVER['SCRIPT_NAME']; ?>?a=1&amp;b=2">open via
link</a><br /><br />
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>?a=1&amp;b=2">
<input type="submit" value="open via form" /><br /><br />
<input type="button" value="open via jscript" onclick="openLink()" /><br /><br />
// show submitted vars

The link and form methods will correctly output:
array(2) {
  string(1) "1"
  string(1) "2"

The JavaScript method however will output:
array(2) {
  string(1) "1"
  string(1) "2"

So with the JS method it seems the URL isn't decoded. I'm wondering what the
problem is...

a) It's not required to encode JS strings, and the validator incorrectly checks
b) PHP isn't decoding for some reason;
c) the browser doesn't handle the string as it should (tested with latest MS IE
and Mozilla FF);
d) I'm all wrong and there is a better way to do what I want.

Would be nice to hear what other people think.

Regards, Willem
Comment 1 Bj 2006-01-06 14:57:57 UTC
Your XHTML is probably parsed as HTML; XHTML and HTML define different 
requirements for parsing <script> elements, in HTML escapes such as &amp; will 
not be decoded, in XHTML they would; use the application/xhtml+xml media type 
for such XHTML documents, external scripts, or one of the <![CDATA[]]> escaping 
methods you'll find all over the web to solve this. See the www-validator 
mailing list archives for details.
Comment 2 Willem 2006-01-06 15:38:45 UTC

setting the header did the trick, thanks!

<?php header('Content-Type: application/xhtml+xml'); ?>