Closed
Bug 404198
Opened 17 years ago
Closed 16 years ago
Links from feed not properly escaped
Categories
(MailNews Core :: Feed Reader, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird 3.0a3
People
(Reporter: bugzilla.mozilla.org-3, Assigned: bugzilla.mozilla.org-3)
Attachments (1 file, 1 obsolete file)
3.11 KB, patch | mkmelin: review+
When reading feeds, the link is not properly escaped when generating the HTML page used in the preview pane.

If a feed contains a reference to the following URL:
http://example.org/foo?bar&copy;
i.e. if the RSS file contains this:
<link>http://example.org/foo?bar&amp;copy;</link>
then the generated HTML contains the following (you can see it with View Source):
<iframe id ="_mailrssiframe" src="http://example.org/foo?bar&copy;"> Lorem ipsum </iframe>

The "&copy;" part of the URL is treated as an HTML entity and is translated to a copyright sign (©), so the URL that is loaded is this:
http://example.org/foo?bar%C2%A9
Comment 1 • 17 years ago (Assignee)
In this specific case it may be sufficient to only escape "&", but I escape the other characters just to be safe.
Attachment #289178 - Flags: review?(mscott)
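The failure described in the report and the escaping approach from comment 1, as an added example that is not the attached patch or Thunderbird's own code. The names htmlEscape, previewUnescaped, previewEscaped and loadedUrl are hypothetical, loadedUrl is a simplified stand-in for the HTML parser's attribute decoding, and the second sample link (with double quotes) is constructed to show why the characters other than "&" matter.

```javascript
// Added example: all names below are hypothetical, not Thunderbird's code.

// Escape the five characters that are significant in HTML text and
// quoted attribute values. "&" must be replaced first.
function htmlEscape(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// "Before": the link is pasted into the attribute as-is.
function previewUnescaped(link) {
  return '<iframe id="_mailrssiframe" src="' + link + '"></iframe>';
}

// "After": the link is escaped for the HTML context first.
function previewEscaped(link) {
  return '<iframe id="_mailrssiframe" src="' + htmlEscape(link) + '"></iframe>';
}

// Simplified stand-in for an HTML parser: take the quoted src value and
// decode a small fixed set of character references (constructed table).
const REFS = { "&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"',
               "&#39;": "'", "&copy;": "\u00A9" };
function loadedUrl(html) {
  const m = /\ssrc="([^"]*)"/.exec(html);
  if (!m) return null;
  const value = m[1].replace(/&(?:amp|lt|gt|quot|#39|copy);/g, r => REFS[r]);
  return encodeURI(value); // non-ASCII is percent-encoded as UTF-8
}

// Constructed sample links, as they look after the feed's XML is parsed.
const samples = ["http://example.org/foo?bar&copy;",
                 'http://example.org/foo?q="a"&b=1'];
for (const link of samples) {
  console.log("link     :", link);
  console.log("unescaped:", loadedUrl(previewUnescaped(link)));
  console.log("escaped  :", loadedUrl(previewEscaped(link)));
}
```

With the unescaped builder the first link loads as a different URL and the second is cut off at the first double quote; with the escaped builder both survive the round trip through the markup.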
Comment 2 • 17 years ago (Assignee)
Attachment #289178 - Attachment is obsolete: true
Attachment #289207 - Flags: review?(mscott)
Attachment #289178 - Flags: review?(mscott)
Comment 3 • 17 years ago
Why not &apos; for escaping of ' ?
Comment 4 • 17 years ago (Assignee)
Because (In reply to comment #3)
> Why not &apos; for escaping of ' ?
The entities are used in an HTML document (at least it looks like HTML, though it doesn't have a DOCTYPE - but it definitely isn't XHTML). &apos; is defined in XML (including XHTML) but not in HTML. Apparently Gecko does support &apos; in HTML documents, though, and &apos; will be defined in the next version of HTML, so I guess there is no harm in using it, though I'd suggest we stick with HTML 4.01 and &#39; as long as Gecko's support for HTML5 is so limited as it currently is.
Comment 5 • 16 years ago
Comment on attachment 289207: Escape HTML entities (updated patch)
This patch still seems to apply.
Attachment #289207 - Flags: review?(mscott) → review?(mkmelin+mozilla)
Updated • 16 years ago
Assignee: nobody → bugzilla.mozilla.org-1
Updated • 16 years ago
Attachment #289207 - Flags: review?(mkmelin+mozilla) → review+
Comment 6 • 16 years ago
Comment on attachment 289207: Escape HTML entities (updated patch)
Sorry for the delay, this looks good.
pushed to c-c; changeset: 338:2af3ef0df217
http://hg.mozilla.org/comm-central/rev/2af3ef0df217
Comment 7 • 16 years ago
->FIXED
Status: NEW → RESOLVED
Closed: 16 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → FIXED
Updated • 16 years ago
Target Milestone: --- → Thunderbird 3.0b1