[OT] absolute vs. relative URI

Chris Warrick kwpolska at gmail.com
Fri Jan 23 11:00:15 EST 2015


On Fri, Jan 23, 2015 at 4:40 PM, Grant Edwards <invalid at invalid.invalid> wrote:
> On 2015-01-23, Marko Rauhamaa <marko at pacujo.net> wrote:
>> Grant Edwards <invalid at invalid.invalid>:
>>
>>> I'm not an HTML/HTTP guru, but I've tinkered with web pages for 20+
>>> years, and for links within sites, I've always used links either
>>> relative to the current location or an absolute _path_ relative to the
>>> current server:
>>>
>>>   <a src='/Whatever'>Whatever</a>
>>>
>>> I've never had any problems with links like that.  Is there some case
>>> where that doesn't work right and I've just been stupidly lucky?
>>
>> An ancient HTML spec (<URL: https://tools.ietf.org/html/rfc1866>)
>> specifies:
> [...]
>> It refers to the URI spec (<URL: https://tools.ietf.org/html/rfc1630>):
> [...]
>>
>> Bottom line: you are safe.

Technically, there is one way to break things:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base

However, nobody really uses that.  Determining the protocol and server
URL is a lot of effort, but it does not give any advantages over plain
"/Whatever".  Moreover, it would be safer and more future-proof to use
a protocol-relative "//example.com/Whatever" URL instead of
determining the protocol by ports (why 8433?  I can serve (insecure)
HTTP there; hell: I can be a complete jerk and swap ports 80 and
443!).

But, this webapp completely ignores a pitfall in the process: it
assumes the app lives in the web server root.  You can easily change
this via your favorite HTTP daemon.

> Thanks, I was pretty sure that was the case. But, I'm still baffled
> why the original author(s) went to the extra work to always generate
> absolute URIs.  The pages were originally developed by a web
> development company we contracted to do the initial design for us. We
> were _assuming_ they knew more about that sort of thing than we
> old-school EE types.

Hah!  Those people certainly don’t look “experienced”.

   "<a src='%sWhatever>Whatever</a>" % wwwroot

0. This should be href=, but this is probably an error with retyping.
(use copy-paste next time.)
1. "double" quotes should be used,
2. and on both sides of the URL.
3. This should be handled in (Jinja2) templates,
4. which should not involve string formatting;
5. especially old-style %-based string formatting!

-- 
Chris Warrick <https://chriswarrick.com/>
PGP: 5EAAEA16
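
The following is an added example, not part of the original post or the webapp under discussion. It shows how the link forms mentioned above resolve when the app is not mounted at the server root or when a <base> element is present, and builds the anchor with quoting and escaping instead of raw %-formatting. It uses urllib.parse.urljoin as an approximation of browser resolution; the example.com/example.net URLs, the /app prefix and the function names resolve and link are assumptions.

```python
from html import escape
from urllib.parse import quote, urljoin

# Constructed sample: a page served by an app mounted under /app, not at "/".
PAGE = "https://example.com/app/status/index.html"


def resolve(ref, page=PAGE, base_href=None):
    """Resolve a link reference against the page URL.

    If the document carries <base href=...>, that value (itself resolved
    against the page URL) replaces the page URL as the base.
    """
    base = urljoin(page, base_href) if base_href else page
    return urljoin(base, ref)


def link(wwwroot, name):
    """Build <a href="...">name</a> with the attribute double-quoted on both
    sides, the path segment percent-encoded and the output HTML-escaped."""
    path = wwwroot.rstrip("/") + "/" + quote(name)
    return '<a href="{}">{}</a>'.format(escape(path, quote=True), escape(name))


if __name__ == "__main__":
    # Relative, absolute-path and protocol-relative forms on the same page.
    for ref in ("Whatever", "/Whatever", "//example.com/Whatever"):
        print("{:26} -> {}".format(ref, resolve(ref)))
    # "/Whatever" leaves the /app prefix: the server-root assumption.
    # A <base> pointing at another host redirects even an absolute path.
    print(resolve("/Whatever", base_href="https://static.example.net/"))
    # The protocol-relative form follows the scheme of the page.
    print(resolve("//example.com/Whatever", page="http://example.com/app/"))
    # Constructed name containing characters that need escaping.
    print(link("/app/", 'Tom & "Jerry"'))
```
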


