You are here: Foswiki>Tasks Web>Item12407 (19 Jul 2015, GeorgeClark)Edit Attach

Item12407: compare script deescapes character entities

Priority: Security
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Extension
Component: CompareRevisionsAddOn
Branches: Release01x01 trunk
Reported By: BjoernKautler
Waiting For:
Last Change By: GeorgeClark
I have a page with <pre> and <verbatim> on it. Escaped with character entities, so that it is displayed in normal topic view as text. For normal topic view this also works correctly. But the compare script deescapes those characters and makes them normal HTML tags which of course breaks the view. It is broken no matter what render parameter is set to.

-- BjoernKautler - 27 Feb 2013

Hm, for me


return $element->as_HTML( '', undef, {} );


return $element->as_HTML( '<>&', undef, {} );

in seems to fix the issue. Or does this break anything else?

-- BjoernKautler - 27 Feb 2013

There is a flag to not decode entities when building the Tree. Enabling that seems to resolve the issue.

-- GeorgeClark - 02 May 2014

For this flag, Item12337 may be relevant...

-- JanKrueger - 02 May 2014

Thanks for the fix BjoernKautler, Item12337 points out that the flag is only available in HTML::TreeBuilder > 4.0, which would complicate dependencies.

-- GeorgeClark - 02 May 2014

Unfortunately this fix doesn't completely work.

If the <pre> tag is in un-modified text then the as_HTML routine is called and the entities remain encoded. However if it's part of the modified section, then the code needs to return the HTML with the added class, and then encoding doesn't happen.

So far I'm not getting anywhere. The fix based upon HTML::Tree version 4 works fine.

Worse, it's working fine on but failing with local tests.

-- GeorgeClark - 03 May 2014

Extension has been uploaded, but task is "Waiting for release" until included in a Foswiki release.

-- GeorgeClark - 07 May 2014
Topic revision: r23 - 19 Jul 2015, GeorgeClark - This page was cached on 15 Jan 2020 - 22:09.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy