Closed Bug 301156 Opened 19 years ago Closed 15 years ago

HTML encoding fixes

Categories

(Bugzilla :: Bugzilla-General, defect)

Product:
Bugzilla
Component:
Bugzilla-General
Version:
2.21
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: selsky, Unassigned)

Details

Attachments

(1 file)

Fixes encoding.
13.12 KB, patch
goobix
: review-
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4

There are a bunch of places where '&' needs to be converted to '&', etc. 
The HTML Validator plugin for FireFox is very helpful in finding these problems.

Reproducible: Always
Attached patch Fixes encoding.Splinter Review 

    
  

        Attachment #189644 -
        Flags: review?

    
    

    
  
You may wish to look at http://www.bugzilla.org/reviewer-list.html to see who to
ask for review. If you ask for review "from the wind" (as it is now) it might
never actually get done.
Assignee: general → selsky

    
  

        Attachment #189644 -
        Flags: review? → review?(mkanat)

    
    

    
  
Oops, that URL should have been:

http://www.bugzilla.org/docs/reviewer-list.html

I am definitely not the correct reviewer. :-)

    
  

        Attachment #189644 -
        Flags: review?(mkanat) → review?(myk)

    
  
Version: unspecified → 2.21

    
    

    
  
Comment on attachment 189644 [details] [diff] [review]
Fixes encoding.

Per http://template-toolkit.org/docs/default/Manual/Filters.html#html , the
"FILTER html" thing in Template Toolkit "converts the characters '<', '>' and
'&' to '&lt;', '&gt;' and '&amp;', respectively".

In:

--- template/en/default/admin/groups/edit.html.tmpl	18 Feb 2005 16:38:42
-0000	   1.5
+++ template/en/default/admin/groups/edit.html.tmpl	18 Jul 2005 02:29:00
-0000

you have:

-	   <a href="[% "editgroups.cgi?action=changeform&group=${group.grpid}"
FILTER html %]">
+	   <a href="[%
"editgroups.cgi?action=changeform&amp;group=${group.grpid}" FILTER html %]">

which passes "&amp;" to the html filter. That would transform it into
"&amp;amp;", which is wrong.

I'd be happy to review the second version, in which the case above and all the
others (if any remaining) are fixed. Please request review from the wind if
that is the case.

        Attachment #189644 -
        Flags: review?(myk) → review-

    
    

    
  
mkanat, please stop modifying valid reviews from the wind. I've been involved in
open projects that have hundreds of "review" requests daily, and they use review
from the wind and are doing great. Both specific review and review from the wind
take statistically the same amount of time. If you can't guarantee a review
yourself, then don't assign it to a specific person. In this case, a number of
people would have been able to review the patch well before myk's.

Thank you.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Hardware: PC → All

    
    

    
  
I didn't modify it, the patch author did. :-) You are free to take any review
you feel qualified to give, as you know.

    
    

    
  
He did per your suggestion.

My reviews were not the topic. Again you're changing the topic. Oh well, I'll
stop trying.

    
    

    
  
(In reply to comment #5)
> mkanat, please stop modifying valid reviews from the wind. I've been involved in
> open projects that have hundreds of "review" requests daily, and they use review
> from the wind and are doing great.

They might well be, but we know from experience that *we* don't (unless someone
has very recently started actively taking on unassigned reviews, but if that's
the case, I can't fault anyone for not being used to it yet).  But this isn't
the place for this.  Mail mkanat (or me) privately if you have a problem with
the way he's doing things.  Bring it up on the developers list if you don't get
answers you like from him or myself.  Thanks!

    
    

    
  
Matt Selsky:
Only checked files the patch mentioned.
Below are still not fixed. are there other places to fix?
Note that escaping vars like title and atom that are passed to global/header.html.tmpl causes double escape ;-)
To avoid this, you'll have to check how the vars are used ;-)
template/en/default/admin/flag-type/list.html.tmpl     line 116
template/en/default/admin/groups/delete.html.tmpl      line 60, 91
template/en/default/attachment/edit.html.tmpl          line 107,275,280
template/en/default/bug/create/create-guided.html.tmpl line 125,126
template/en/default/reports/create-chart.html.tmpl     line 192

    
    

    
  
I think most places have been fixed in various bugs. If there are still some places broken, feel free to reopen this bug and enumerate places which need to be fixed. Marking as WFM for now.
Assignee: selsky → general
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: