
Bug#181872: Patch



Denis Barbier said:
> On Tue, Apr 15, 2003 at 06:56:23PM +0200, Frank Lichtenheld wrote:
> > I think, the solution presented by Andrew Shugg in #186740 is the
> > right way to go.
> 
> Nope, ampersands must be escaped, period.
> Example:
>   Description: escape HTML special characters in plain text
>    EscapeHTML converts all &, < and > characters into &amp;, &lt; and
>    &gt;.
> 
> There is no case where they must not be escaped.
> 
> Denis

That's right, and the solution I proposed (to 'normalise' the entities,
is that the right word?) will do that.

To clarify what I outlined in #186740, if you were to start with this
sort of string:

  &foo blah &amp; <url>

you would end up with this in the HTML:

  &amp;foo blah &amp; &lt;url&gt;

which would be rendered in the browser (i.e. entities decoded) like this:

  &foo blah & <url>

The last line is what we _see_, but the second last line is what is
actually in the HTML.  I'm not sure I described it clearly enough in
#186740, sorry.  Valid HTML entities will be normalised, everything else
will be preserved.

Andrew.

-- 
Andrew Shugg <andrew@neep.com.au>                   http://www.neep.com.au/

"Just remember, Mr Fawlty, there's always someone worse off than yourself."
"Is there?  Well I'd like to meet him.  I could do with a good laugh."
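
The two behaviours discussed in this thread, side by side, as an added example that is not part of the original messages or of the Debian code: `escape_all` escapes every special character, while `normalise` leaves valid entities as they are and escapes everything else. The function names and the definition of a "valid entity" (a numeric reference, or an HTML5 name ending in a semicolon) are assumptions.

```python
import html
import re
from html.entities import html5

# Assumption: a "valid entity" is a numeric character reference or a name
# from the HTML5 entity table, in both cases terminated by a semicolon.
_ENTITY = re.compile(r"&(#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);")


def escape_all(text):
    """Escape every &, < and >, whether or not it is part of an entity."""
    return html.escape(text, quote=False)


def normalise(text):
    """Keep valid entities untouched; escape every other &, < and >."""
    out = []
    pos = 0
    for m in _ENTITY.finditer(text):
        # Text between entity candidates is always escaped.
        out.append(html.escape(text[pos:m.start()], quote=False))
        body = m.group(1)
        if body.startswith("#") or body + ";" in html5:
            out.append(m.group(0))  # valid entity: pass through
        else:
            out.append(html.escape(m.group(0), quote=False))  # unknown name
        pos = m.end()
    out.append(html.escape(text[pos:], quote=False))
    return "".join(out)


def rendered(markup):
    """What a browser displays for this markup when it holds only text."""
    return html.unescape(markup)


# Sample inputs taken from the two messages above.
SAMPLE = "&foo blah &amp; <url>"
DESCRIPTION = ("EscapeHTML converts all &, < and > characters into "
               "&amp;, &lt; and &gt;.")

if __name__ == "__main__":
    for source in (SAMPLE, DESCRIPTION):
        for fn in (escape_all, normalise):
            markup = fn(source)
            print(f"{fn.__name__:>10}: {markup}")
            print(f"{'shown as':>10}: {rendered(markup)}")
```

Neither function ever emits a raw `<` or `>`; they differ only in whether the displayed text equals the source text when the source already contains entities.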