[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnash-dev] Passing URLs to Browser

From: Benjamin Wolsey
Subject: Re: [Gnash-dev] Passing URLs to Browser
Date: Thu, 06 Jan 2011 11:58:22 +0100

> To make it very clear: URL escaping is *not* intended to make an URL
> safe for passing through the shell -- and it can't be (mis)used for this
> purpose in a generic fashion. Characters like '&' or '#' would have to
> be escaped for the shell, but that would break the URL. There is no way
> to safely pass a URL through the shell without applying some shell
> quoting.

I'd also consider that Gnash uses the URL::encode function both for
actionscript URL escaping (there is a method _global.escape() that's
also called from various other Flash API functions) on the one hand, and
for genuine external URL escaping on the other.

It's certainly not correct for ActionScript (see testsuite/swfdec
escaping tests), and it seems it's also not very useful for our own

Most likely it would be better to split this into two functions: one
that does what's required for actionscript (which bears no relation to
any standard way of escaping), leaving us free to design a sensible
second one that can escape URLs without changing the protocol.


The current release of Gnash is 0.8.8

Benjamin Wolsey, Software Developer -
C++ and Open-Source Flash blog -


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]