Bug#907667: lintian: should html escape output if --color=html is used

To: Chris Lamb <lamby@debian.org>, 907667@bugs.debian.org
Cc: James Cowgill <jcowgill@debian.org>
Subject: Bug#907667: lintian: should html escape output if --color=html is used
From: Niels Thykier <niels@thykier.net>
Date: Sat, 01 Sep 2018 14:02:00 +0000
Message-id: <[🔎] 89ddd55c-b803-3b42-4d49-6d26cbf67487@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 907667@bugs.debian.org
In-reply-to: <[🔎] 1535794396.2105694.1493354216.048BD974@webmail.messagingengine.com>
References: <8a11cd54-b508-c3b7-4e55-8c089796e800@debian.org> <[🔎] 1535787852.2565789.1493306968.563E7109@webmail.messagingengine.com> <[🔎] 12311db6-254c-455c-10f5-29a4013a91a5@thykier.net> <[🔎] 1535794396.2105694.1493354216.048BD974@webmail.messagingengine.com> <8a11cd54-b508-c3b7-4e55-8c089796e800@debian.org>

Chris Lamb:
> Hi Niels,
> 
>> Any reason for introducing the CGI dependency over simply applying the
>> same escape rules for the $information variable?
> 
> Only because well-used libraries are preferred, particularly for data
> sanitisation (!) operations.
> 
> Is the extra dependency problematic? We use some far-more esoteric
> libraries than CGI, so I did not think it would be an issue.
> 
> 
> Regards,
> 

If we are consistent with how we perform the quoting, I do not mind the
extra dependency.  Particularly because it should be doable to reduce it
to a suggests given --color=html is not a default (which we can add
later if relevant).

Though, reminder - if you introduce a new dependency, you will have to
get DSA to install it on lindsay.d.o before you can upgrade lintian there.

Thanks,
~Niels

Reply to:

Follow-Ups:
- Bug#907667: lintian: should html escape output if --color=html is used
  - From: Chris Lamb <lamby@debian.org>

References:
- Bug#907667: lintian: should html escape output if --color=html is used
  - From: Chris Lamb <lamby@debian.org>
- Bug#907667: lintian: should html escape output if --color=html is used
  - From: Niels Thykier <niels@thykier.net>
- Bug#907667: lintian: should html escape output if --color=html is used
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Jenkins build is back to normal : lintian-tests_sid #3184
Next by Date: Bug#907423: lintian should give an error when both foo-dbg and foo-dbgsym are built
Previous by thread: Bug#907667: lintian: should html escape output if --color=html is used
Next by thread: Bug#907667: lintian: should html escape output if --color=html is used
Index(es):
- Date
- Thread