When transferring form data in hidden form fields from server to client, Doctor escapes newlines as &nl; and carriage returns as &cr;. This is necessary because the HTML spec says clients should remove line break characters from HTML attributes. Doctor doesn't escape the natural occurrence of &nl; and &cr;, however, which means that in the unlikely situation that those characters appear in a document being edited with Doctor, those characters will get translated into line break characters instead of retaining their original meaning. Doctor should use "\n" for newlines and \r for carriage returns instead, then escape the backslash character with \\.
Created attachment 82683 [details] [diff] [review] patch v1: fixes problem This patch fixes the problem by re-implementing the line break mechanism to use \r for carriage returns, \n for line feeds, and \\ for literal backslashes.
Checking in doctor.cgi; /cvsroot/mozilla/webtools/doctor/doctor.cgi,v <-- doctor.cgi new revision: 1.3; previous revision: 1.2 done
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Created attachment 82716 [details] [diff] [review] patch v2: corrects perl syntax issue uses $1 instead of \1
Checking in doctor.cgi; /cvsroot/mozilla/webtools/doctor/doctor.cgi,v <-- doctor.cgi new revision: 1.4; previous revision: 1.3 done
You need to log in before you can comment on or make changes to this bug.