William Stein wrote: > On Fri, Feb 13, 2009 at 10:41 AM, Jason Grout > <[email protected]> wrote: >> mabshoff wrote: >>> >>> On Feb 13, 10:10 am, Harald Schilly <[email protected]> wrote: >>> >>> Hi, >>> >>>> I got a bug report from the "report a problem" link in the notebook >>>> about html character escaping. >>>> It's inconsistent because it escapes html tags, but not &...; special >>>> html characters. >>>> I'm posting this to start a discussion if this is a bug or not or >>>> other implicatoins... >>>> >>>> Example: >>>> >>>> In >>>> >>>> print "& & ¬" >>>> print "<b>foo</b>" >>>> html("& & ¬") >>>> html("<b>foo</b>") >>>> >>>> Out >>>> >>>> & & ¬ <<< should be "& & ¬" >>>> (but the browser interprets the html characters >>>> and it looks different) >>>> <b>foo</b> >>>> & & ¬ >>>> *foo* <<< in bold >>> Hmm, there was some recent bugfix about a similar problem for TinyMCE >>> IIRC, so it does sound familiar. Have you tried 3.3.rc0 to see if the >>> problem is still there? >>> >> Yes, this still happens on rc0. The problem fixed before was not on >> TinyMCE per se, but on the escaping when dealing with the edit mode. >> >> I see lots of places that only < is escaped, and not &, in notebook.py, >> cell.py, etc. Would it be fairly safe to, whenever we escape <, escape >> & as well? > > That seems like a very good idea. > > I can tell you why < is escaped frequently, but & isn't: I didn't know > that one needs to escape & when I was writing that code in the > notebook. > > It would be best to factor out any code that escapes < into a new > function that does all escapes, then have it do both < and &.
Gee, if we were doing that, we might as well use one of the standard python functions for this: http://docs.python.org/library/cgi.html#cgi.escape http://docs.python.org/library/xml.sax.utils.html#xml.sax.saxutils.escape or if you plan to use the result as a quoted string, like in an attribute value: http://docs.python.org/library/xml.sax.utils.html#xml.sax.saxutils.quoteattr Jason --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://www.sagemath.org -~----------~----~----~----~------~----~------~--~---
