cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item10230 (05 Jul 2015, GeorgeClark)Edit Attach

Item10230: Non-ASCII chars in HTML tag attributes incorrectly de-encoded (need to stay URI-escaped).

pencil
Priority: Urgent
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Extension
Component: WysiwygPlugin
Branches: trunk
Reported By: PaulHarvey
Waiting For:
Last Change By: GeorgeClark
See Item9973. This probably shouldn't be a release blocker for 1.1.3.

-- PaulHarvey - 06 Jan 2011

Technically, it should be perfectly valid to have high-bit chars in HTML tag attribute values which are supposed to contain URIs.

However, the browser will always need to escape them first; and without any guidance, (all?) browsers re-encode the URI as unicode/utf-8, and escape that. So by the time the server sees the URI, if Foswiki has saved all the attachment filenames in the non-utf8 native charset, there can only be 404 not-found errors.

See Item5437 for more.

-- PaulHarvey - 16 Apr 2011

The course of action - for within WysiwygPlugin:
  • If we're already using {Site}{CharSet} = 'utf-8', do nothing.
  • Otherwise, pre-percent-escape href & src attributes in HTML tags in the original TML2HTML request.

-- PaulHarvey - 16 Apr 2011
 

ItemTemplate edit

Summary Non-ASCII chars in HTML tag attributes incorrectly de-encoded (need to stay URI-escaped).
ReportedBy PaulHarvey
Codebase 1.1.3 beta1, 1.1.2, 1.1.1, 1.1.0, 1.1.0 beta1, trunk
SVN Range
AppliesTo Extension
Component WysiwygPlugin
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:cb3a0b281c19
TargetRelease major
ReleasedIn 2.0.0
CheckinsOnBranches trunk
trunkCheckins distro:cb3a0b281c19
Release01x01Checkins
Topic revision: r6 - 05 Jul 2015, GeorgeClark - This page was cached on 03 May 2018 - 00:29.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License