Bug#181872: Patch
Denis Barbier said:
> On Tue, Apr 15, 2003 at 06:56:23PM +0200, Frank Lichtenheld wrote:
> > I think, the solution presented by Andrew Shugg in #186740 is the
> > right way to go.
>
> Nope, ampersands must be escaped, period.
> Example:
> Description: escape HTML special characters in plain text
> EscapeHTML converts all &, < and > characters into &amp;, &lt; and
> &gt;.
>
> There is no case where they must not be escaped.
>
> Denis
That's right, and the solution I proposed (to 'normalise' the entities,
is that the right word?) will do that.
To clarify what I outlined in #186740, if you were to start with this
sort of string:
&foo blah & <url>
you would end up with this in the HTML:
&foo blah & <url>
which would be rendered in the browser (ie entities decoded) like this:
&foo blah & <url>
The last line is what we _see_, but the second last line is what is
actually in the HTML. I'm not sure I described it clearly enough in
#186740, sorry. Valid HTML entities will be normalised, everything else
will be preserved.
Andrew.
--
Andrew Shugg <andrew@neep.com.au> http://www.neep.com.au/
"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there? Well I'd like to meet him. I could do with a good laugh."
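Added example, not part of the thread and not the patch from #186740: a Python sketch that runs the package description quoted above through an unconditional escaper and through a hypothetical escaper that leaves entity-looking sequences untouched, then decodes each result the way a browser would. The function names, the regular expression and the choice of Python are assumptions made for illustration.

```python
import html
import re

# Constructed sample: the description quoted in the thread, as plain text.
DESCRIPTION = ("EscapeHTML converts all &, < and > characters "
               "into &amp;, &lt; and &gt;.")

# Hypothetical rule: anything shaped like an entity is left alone.
ENTITY_LIKE = re.compile(
    r"&(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);")


def escape_always(text):
    """Escape every &, < and >. The ampersand goes first so the
    entities produced for < and > are not escaped a second time."""
    return (text.replace("&", "&amp;")
                .replace("<", "&lt;")
                .replace(">", "&gt;"))


def escape_preserving_entities(text):
    """Escape &, < and > except inside entity-looking sequences."""
    out, pos = [], 0
    for match in ENTITY_LIKE.finditer(text):
        out.append(escape_always(text[pos:match.start()]))
        out.append(match.group(0))  # kept verbatim
        pos = match.end()
    out.append(escape_always(text[pos:]))
    return "".join(out)


def rendered(markup):
    """What a reader sees once the browser has decoded the entities."""
    return html.unescape(markup)


def round_trips(escaper, text):
    """True when the rendered page shows exactly the input text."""
    return rendered(escaper(text)) == text


if __name__ == "__main__":
    for escaper in (escape_always, escape_preserving_entities):
        markup = escaper(DESCRIPTION)
        print(escaper.__name__, round_trips(escaper, DESCRIPTION))
        print("  html:    ", markup)
        print("  rendered:", rendered(markup))
```

Only the unconditional escaper round-trips: the entity-preserving variant renders the description with its literal `&amp;`, `&lt;` and `&gt;` collapsed to `&`, `<` and `>`.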