Closed Bug 404198 Opened 17 years ago Closed 16 years ago

Links from feed not properly escaped

Categories

(MailNews Core :: Feed Reader, defect)

normal

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird 3.0a3

People

(Reporter: bugzilla.mozilla.org-3, Assigned: bugzilla.mozilla.org-3)

Details

Attachments

(1 file, 1 obsolete file)

When reading feeds, the link is not properly escaped when generating the HTML page used in the preview pane.

If a feed contains a reference to the following URL:
  http://example.org/foo?bar&copy;

i.e. if the RSS file contains this:
  <link>http://example.org/foo?bar&amp;copy;</link>

then the generated HTML contains the following (you can see it with View Source):
  <iframe id ="_mailrssiframe" src="http://example.org/foo?bar&copy;">
    Lorem ipsum
  </iframe>

The "&copy;" part of the URL is treated as an HTML entity and is translated to a copyright sign (©), so the URL that is loaded is this:
  http://example.org/foo?bar%C2%A9
Attached patch Escape HTML entities (obsolete) — Splinter Review
In this specific case it may be sufficient to only escape "&", but I escape the other characters just to be safe.
Attachment #289178 - Flags: review?(mscott)
Attachment #289178 - Attachment is obsolete: true
Attachment #289207 - Flags: review?(mscott)
Attachment #289178 - Flags: review?(mscott)
Why not &apos; for escaping of ' ?
Because (In reply to comment #3)
> Why not &apos; for escaping of ' ?
The entities are used in an HTML document (at least it looks like HTML, though it doesn't have a DOCTYPE - but it definitely isn't XHTML). &apos; is defined in XML (including XHTML) but not in HTML.

Apparently Gecko does support &apos; in HTML documents, though, and &apos; will be defined in the next version of HTML, so I guess there is no harm in using it, though I'd suggest we stick with HTML 4.01 and &#39; as long as Gecko's support for HTML5 is so limited as it currently is.
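
Added example, not part of the bug report or the attached patch: a JavaScript model of the round trip described in the report, using `&#39;` for the apostrophe as suggested in the comment above. `htmlEscape`, `decodeAttr` and `loadedSrc` are hypothetical names, and `decodeAttr` is a simplified stand-in for an HTML parser's attribute decoding that knows only a small constructed set of named entities.

```javascript
// Added illustration; helper names are hypothetical, not Thunderbird code.

// Escape the characters that are significant in HTML text and attribute
// values. "'" becomes &#39; because &apos; is not defined in HTML 4.01.
function htmlEscape(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Simplified model of how an HTML parser decodes character references in an
// attribute value. NAMED is a small constructed subset of the entity table.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', copy: "\u00A9" };
function decodeAttr(s) {
  return s.replace(/&(#\d+|#x[0-9a-f]+|[a-z]+);/gi, (m, ref) => {
    if (ref[0] !== "#") {
      // Unknown names are left untouched, as text.
      return Object.prototype.hasOwnProperty.call(NAMED, ref) ? NAMED[ref] : m;
    }
    const cp = /^#x/i.test(ref) ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Build the preview markup for a feed link, then return the src value the
// parser would hand to the loader after decoding the attribute.
function loadedSrc(url, escape) {
  const value = escape ? htmlEscape(url) : url;
  const html = `<iframe id="_mailrssiframe" src="${value}"></iframe>`;
  const match = /src="([^"]*)"/.exec(html);
  return decodeAttr(match[1]);
}

// The URL as it exists after the feed's XML has been parsed, i.e. the RSS
// source <link>...bar&amp;copy;</link> has already become ...bar&copy;
const link = "http://example.org/foo?bar&copy;";

// Unescaped: the parser turns "&copy;" into U+00A9, so a different URL loads.
console.log(encodeURI(loadedSrc(link, false)));
// Escaped: "&" is written as "&amp;" and decodes back to the original URL.
console.log(loadedSrc(link, true));
```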
Comment on attachment 289207 [details] [diff] [review]
Escape HTML entities (updated patch)

This patch still seems to apply.
Attachment #289207 - Flags: review?(mscott) → review?(mkmelin+mozilla)
Assignee: nobody → bugzilla.mozilla.org-1
Attachment #289207 - Flags: review?(mkmelin+mozilla) → review+
Comment on attachment 289207 [details] [diff] [review]
Escape HTML entities (updated patch)

Sorry for the delay, this looks good. 

pushed to c-c; changeset: 338:2af3ef0df217

http://hg.mozilla.org/comm-central/rev/2af3ef0df217
->FIXED
Status: NEW → RESOLVED
Closed: 16 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 3.0b1
Component: RSS → Feed Reader
Product: Thunderbird → MailNews Core