Bug Tracker item #2982523, was opened at 2010-04-06 16:25
Message generated for change (Tracker Item Submitted) made by nomde
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2982523&group_id=250683
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: webui
Group: v3.9.0
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Michael (nomde)
Assigned to: Nobody/Anonymous (nobody)
Summary: History page escapes and truncates strings in wrong order
Initial Comment:
The history page escapes the < and > characters to their HTML entity and
truncates strings longer than $CONFIG{MAX_COL_LEN}. Unfortunately, it does so
in this order, which means if a < or > is present near the end of the string,
the user can get ">" or similar rendered by their browser when it encounters
an incomplete entity.
The attached patch moves the truncation so it occurs before the special
characters are replaced by their entities, to give the desired behaviour. It
also replaces &, " and ' with their appropriate entities. The & is probably the
only additional one that's strictly necessary, but I figure the others can't
hurt.
Finally, it also takes 3 characters less than the maximum column length from
long strings, in order to compensate for the 3 characters it's adding. Whether
or not the actual number of characters is important is left to the maintainer
to decide.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2982523&group_id=250683
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
