Doctor doesn't escape line break characters properly

RESOLVED FIXED

Status

Webtools Graveyard
Doctor
RESOLVED FIXED
16 years ago
2 years ago

People

(Reporter: myk, Assigned: myk)

Tracking

Details

Attachments

(2 attachments)

(Assignee)

Description

16 years ago
When transferring form data in hidden form fields from server to client, Doctor
escapes newlines as &nl; and carriage returns as &cr;.  This is necessary
because the HTML spec says clients should remove line break characters from HTML
attributes.

Doctor doesn't escape the natural occurrence of &nl; and &cr;, however, which
means that in the unlikely situation that those characters appear in a document
being edited with Doctor, those characters will get translated into line break
characters instead of retaining their original meaning.

Doctor should use "\n" for newlines and \r for carriage returns instead, then
escape the backslash character with \\.
(Assignee)

Comment 1

16 years ago
Created attachment 82683 [details] [diff] [review]
patch v1: fixes problem

This patch fixes the problem by re-implementing the line break mechanism to use
\r for carriage returns, \n for line feeds, and \\ for literal backslashes.
(Assignee)

Comment 2

16 years ago
Checking in doctor.cgi;
/cvsroot/mozilla/webtools/doctor/doctor.cgi,v  <--  doctor.cgi
new revision: 1.3; previous revision: 1.2
done
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
(Assignee)

Comment 3

16 years ago
Created attachment 82716 [details] [diff] [review]
patch v2: corrects perl syntax issue

uses $1 instead of \1
(Assignee)

Comment 4

16 years ago
Checking in doctor.cgi;
/cvsroot/mozilla/webtools/doctor/doctor.cgi,v  <--  doctor.cgi
new revision: 1.4; previous revision: 1.3
done
QA Contact: asa → doctor
Product: Webtools → Webtools Graveyard
You need to log in before you can comment on or make changes to this bug.