[ https://issues.apache.org/jira/browse/YETUS-457?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15471950#comment-15471950 ]

Andrew Wang commented on YETUS-457:
-----------------------------------

{code}
    def write_list(self, mylist):
        for jira in sorted(mylist):
            line = '| [%s](' + BASE_URL + '/browse/%s) ' +\
                   '| %s |  %s | %s | %s | %s |\n'
            line = line % (sanitize_text(jira.get_id()),
                           sanitize_text(jira.get_id()),
                           sanitize_text(jira.get_summary()),
                           sanitize_text(jira.get_priority()),
                           format_components(jira.get_components()),
                           sanitize_text(jira.get_reporter()),
                           sanitize_text(jira.get_assignee()))
            self.write_key_raw(jira.get_project(), line)
{code}

It seems like a bug that the JIRA ID to form the URL is going through 
sanitize_text. If we are worried about special characters in JIRA IDs, then I 
think it should be going through URL encoding instead of markdown escaping. If 
not, we may as well pass the JIRA ID through directly, and for the link text too.

Are there any other bugs from doing aggressive escaping? I understand that 
Markdown can sometimes avoid the need for escaping by looking at context, but 
it seems like a "better safe than sorry" situation. Plus the advantages if it 
helps support other MD parsers.

I think we should also still escape the HTML entities, since there could be a 
JIRA with a summary like "Add missing <i> tag", which would be picked up as 
inline HTML and not auto-escaped by Markdown. We'd want this displayed 
literally though.

> RDM does not properly escape entities
> -------------------------------------
>
>                 Key: YETUS-457
>                 URL: https://issues.apache.org/jira/browse/YETUS-457
>             Project: Yetus
>          Issue Type: Bug
>    Affects Versions: 0.3.0
>            Reporter: Andrew Wang
>            Assignee: Andrew Wang
>            Priority: Critical
>         Attachments: YETUS-457.001.patch, YETUS-457.002.patch
>
>
> Noticed while browsing the Hadoop 3.0.0-alpha1 changelog. Quotes and possibly 
> some other entities are not escaped properly, leading to malformed markdown 
> output.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
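
The per-context escaping the comment above argues for, as an added example that is not RDM's code or part of the original message: the ID is percent-encoded where it forms the URL, while displayed text is Markdown-escaped and HTML-escaped. The helper names (`escape_md_text`, `encode_url_segment`, `format_row`), the escaped character set, and the `BASE_URL` value (inferred from the issue URL in the message) are assumptions.

```python
import html
import re
from urllib.parse import quote

# Assumed value: the message shows only the name BASE_URL.
BASE_URL = "https://issues.apache.org/jira"

# Markdown punctuation that changes rendering inside a table cell
# (assumed set for this example, not taken from the project).
_MD_SPECIAL = re.compile(r'([\\`*_{}\[\]()#|])')


def escape_md_text(text):
    """Escape a value that must be displayed literally in a table cell."""
    # Backslash-escape Markdown punctuation first, then neutralise &, <, >
    # so a summary such as "Add missing <i> tag" is not read as inline HTML.
    escaped = _MD_SPECIAL.sub(r'\\\1', text)
    return html.escape(escaped, quote=False)


def encode_url_segment(value):
    """Percent-encode a value used as one path segment of a URL."""
    # safe="" also encodes "/", so the value cannot add path components,
    # and ")" becomes %29, so it cannot close the Markdown link target.
    return quote(value, safe="")


def format_row(jira_id, summary, priority, components, reporter, assignee):
    """Build one Markdown table row, escaping each field for its context."""
    link = "[%s](%s/browse/%s)" % (escape_md_text(jira_id), BASE_URL,
                                   encode_url_segment(jira_id))
    cells = [link] + [escape_md_text(value) for value in
                      (summary, priority, components, reporter, assignee)]
    return "| " + " | ".join(cells) + " |\n"


if __name__ == "__main__":
    # Constructed sample row; the summary is the one quoted in the comment.
    print(format_row("YETUS-457", "Add missing <i> tag", "Critical",
                     "docs", "Andrew Wang", "Andrew Wang"), end="")
```
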
