From steven@acko.net Fri May  4 00:43:09 2007
From: Steven Wittens <steven@acko.net>
To: development@drupal.org
Subject: [development] Placeholder usage for URLs inside HTML
Date: Thu, 03 May 2007 17:42:59 -0700
Message-ID: <3E9F745F-ACB8-4C27-BFE6-78AEC4BB6501@acko.net>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5827659400176154272=="

--===============5827659400176154272==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

A patch went in that contained code similar to this:

t('Some text with a link: <a href="!link">caption</a>', array('!link'  
=> url('my/path')));

In principle there is nothing wrong with this, however it's  
discouraged. The reason is that the following code on the other hand,  
does not work as expected (using the HEAD syntax for url()):

t('Some text with a link: <a href="!link">caption</a>', array('!link'  
=> url('my/path', array('query' => array('foo' => 'bar')))));

The additional query string will result in an '&' being inserted into  
the URL, which needs to be escaped into '&amp;' for use inside XHTML  
attributes. If you want the page to validated, you need to use @link  
rather than !link.

IMO we should just avoid using the ! placeholder for both cases, as  
it sets a bad example. Drupal's past has shown that forcing people to  
think about which escape mechanism to use, beyond trivial "dur"  
questions, does not work at all. And people are certainly not going  
to remember to flip the prefix when they add a query string to an  
existing url statement.

This is one of these things that was already implied in the t()  
change documentation, but which apparently needed to be spelled out  
explicitly.

Steven Wittens

--===============5827659400176154272==--