Bug#181872: Patch

To: Frank Lichtenheld <frank@lichtenheld.de>, 181872@bugs.debian.org
Subject: Bug#181872: Patch
From: barbier@linuxfr.org (Denis Barbier)
Date: Wed, 16 Apr 2003 14:10:20 +0200
Message-id: <[🔎] 20030416121020.GA30193@zobe.linuxfr.org>
Reply-to: barbier@linuxfr.org (Denis Barbier), 181872@bugs.debian.org
In-reply-to: <[🔎] 20030415165623.GA1010@djpig.de>
References: <20030313144254.GA732@djpig.de> <20030313172715.GB4218@prvidomaci.srce.hr> <20030313174635.GB732@djpig.de> <20030313185805.GH4218@prvidomaci.srce.hr> <[🔎] 20030415143923.GA10130@zobe.linuxfr.org> <[🔎] 20030415155347.GC28172@prvidomaci.srce.hr> <[🔎] 20030415165623.GA1010@djpig.de>

On Tue, Apr 15, 2003 at 06:56:23PM +0200, Frank Lichtenheld wrote:
> On Tue, Apr 15, 2003 at 05:53:47PM +0200, Josip Rodin wrote:
> > On Tue, Apr 15, 2003 at 04:39:23PM +0200, Denis Barbier wrote:
> > > No, within plain text one writes http://foo.org/?a=1&b=2, escaping is only
> > > performed for some other formats (SGML and co).
> > > So unless descriptions are going to be considered as HTML text, this fix
> > > is meaningful.
> > 
> > Sorry but "don't do that" won't work if someone files a bug about it.
> > I much prefer to cover the corner cases now over covering them later.
> 
> I think, the solution presented by Andrew Shugg in #186740 is the
> right way to go.

Nope, ampersnads must be escaped, period.
Example:
  Description: escape HTML special characters in plain text
   EscapeHTML converts all &, < and > characters into &amp;, &lt; and
   &gt;.

There is no case where they must not be escaped.

Denis

Reply to:

Follow-Ups:
- Bug#181872: Patch
  - From: Andrew Shugg <andrew@neep.com.au>

References:
- Bug#181872: Patch
  - From: barbier@linuxfr.org (Denis Barbier)
- Bug#181872: Patch
  - From: Josip Rodin <joy@srce.hr>
- Bug#181872: Patch
  - From: Frank Lichtenheld <frank@lichtenheld.de>

Prev by Date: sesssion
Next by Date: richiesta
Previous by thread: Bug#181872: Patch
Next by thread: Bug#181872: Patch
Index(es):
- Date
- Thread