|
|
|
Issue 76 of
Bug Tracker for COREBlog
[COREBlog Bugs]
|
| Title: |
Attributes are not properly quoted
|
| Status: |
Accepted
|
Security |
related:
No
|
| Description: |
HTML requires ampersands in attributes to be quoted.
<a href="http://www.google.com/search?q=test&start=0">
does not validate, but
<a href="...
|
| From: |
snej
|
on: |
Oct 6, 04 14:45
|
| |
snej
|
Last update:
|
Jan 28, 05 04:34
|
| Topic/class: |
COREBlog/bug+solution
|
Importance:
|
medium
|
| Version info: |
0.73b, 0.74b |
| Assigned: |
ats
|
| Uploads: |
|
|
Issue 76 Transcript
|
|
2 entries
|
= Accept - Entry #2 by ats on Jan 28, 2005 4:34 am
Status: Pending => Accepted
Supporters added: ats
Sorry.
I'll see your patch(thanks!).
Please give me some time...
________________________________________
= Request - Entry #1 by snej on Oct 6, 2004 2:45 pm
Uploaded: quoteattr.patch
HTML requires ampersands in attributes to be quoted.
<a href="http://www.google.com/search?q=test&start=0">
does not validate, but
<a href="http://www.google.com/search?q=test&;start=0">
does.
A patch for stripogram/html2safehtml.py is attached.
It requires xml.sax.saxutils, but it would be easy to move the quoteattr function into stripogram if you want to strip this dependency.
|
|
|
Log in
Forgot your password?
