
Bug#181872: Patch



On Wed, Apr 16, 2003 at 10:18:27PM +0800, Andrew Shugg wrote:
> Denis Barbier said:
> > Nope, ampersands must be escaped, period.
> > Example:
> >   Description: escape HTML special characters in plain text
> >    EscapeHTML converts all &, < and > characters into &amp;, &lt; and
> >    &gt;.
> > 
> > There is no case where they must not be escaped.
> 
> That's right, and the solution I proposed (to 'normalise' the entities,
> is that the right word?) will do that.
> 
> To clarify what I outlined in #186740, if you were to start with this
> sort of string:
> 
>   &foo blah &amp; <url>
> 
> you would end up with this in the HTML:
> 
>   &amp;foo blah &amp; &lt;url&gt;
> 
> which would be rendered in the browser (ie entities decoded) like this:
> 
>   &foo blah & <url>

That seems mad to me. If I write &amp; in a package description, I want
&amp; in the output. You seem to be saying that Denis' example above
should be displayed in a browser as:

  EscapeHTML converts all &, < and > characters into &, < and >.

HTML-encoding some characters but not others would break this entirely
legitimate description. This is clearly wrong. Descriptions aren't HTML
and should never be interpreted (partially or otherwise) as if they
were.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
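
Added example, not part of the original message or of any Debian code: the two approaches debated above, run over the two strings quoted in the thread, showing that escaping everything round-trips through a browser while entity "normalisation" alters the text. The function names and the entity regex are assumptions made for illustration.

```python
import html
import re

# Constructed sample inputs: the two strings quoted in the thread.
DESCRIPTION = ("EscapeHTML converts all &, < and > characters into "
               "&amp;, &lt; and &gt;.")
MIXED = "&foo blah &amp; <url>"

# Hypothetical pattern: an "&" that does NOT already start something
# shaped like an entity (named, decimal or hex, ending in ";").
_BARE_AMP = re.compile(
    r"&(?!(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);)")


def escape_all(text):
    """Treat the description as plain text: escape every &, < and >."""
    return html.escape(text, quote=False)


def normalise_entities(text):
    """Escape <, > and bare &, but keep any & that already starts an entity."""
    text = _BARE_AMP.sub("&amp;", text)
    return text.replace("<", "&lt;").replace(">", "&gt;")


def rendered(markup):
    """Text a browser would display for this markup (entities decoded)."""
    return html.unescape(markup)


def round_trips(encoder, text):
    """True when the reader sees exactly what the maintainer wrote."""
    return rendered(encoder(text)) == text


if __name__ == "__main__":
    for name, enc in (("escape_all", escape_all),
                      ("normalise_entities", normalise_entities)):
        for sample in (DESCRIPTION, MIXED):
            print(name, "| markup:", enc(sample))
            print(name, "| shown: ", rendered(enc(sample)))
            print(name, "| faithful:", round_trips(enc, sample))
```
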


