I would like to point out that modules downloaded from a source other than an
endorsed repository could contain all kinds of stuff the user might not like.
The entire module is suspect. The .conf file is the least of worries.
I am not concerned about escaping other markup. The official position
mobile. Please forgive shortness, typos and weird autocorrects.
Original Message
Subject: Re: [sword-devel] RTFHTML filter not escaping HTML entities
From: David Haslam
To: SWORD Developers' Collaboration Forum
CC:
One potential risk would be from modules manually installed after
One potential risk would be from modules manually installed after being
downloaded from somewhere we have no connection with.
For the repositories in our MRL, the risk should be much lower, providing the
release procedure includes adequate human inspection of the .conf file.
David
Sent from
What is the likelihood/risk of an untrustworthy conf?
— DM Smith
From my phone. Brief. Weird autocorrections.
On Dec 30, 2018, at 4:14 PM, Jaak Ristioja wrote:
>> It looks like BibleTime, too, is guilty of not properly escaping those.
>
> Actually it seems that the RTFHTML filter in Sword
> It looks like BibleTime, too, is guilty of not properly escaping those.
Actually it seems that the RTFHTML filter in Sword (and Sword++ for that
matter) does not properly escape HTML entities included in the RTF. So
if the RTF includes or any other HTML tags, these are passed on
unmodified,
On 21.05.2014 19:44, Greg Hellings wrote:
On May 21, 2014 8:00 AM, Jaak Ristioja j...@ristioja.ee wrote:
So this means that actually we want non-standard RTF (someone
should update the wiki). Should we assume UTF-8? Are you sure we
don't have any
On 21.05.2014 20:05, Greg Hellings wrote:
The RTFHTML filter code appears to incorrectly parse the
following strings:
\u-99 - getUTF8FromUniChar(48577)
\u-9 - getUTF8FromUniChar(31073)
\u-0001 - getUTF8FromUniChar(65535)
\u-00 -
The Encoding field drives the encoding of the file. When not present use the
default.
The front end should never read the file. It is the engine's responsibility to
do the reading. It is not the reading of the file that may need to be done
twice but rather the byte stream/buffer from the file.
So this means that actually we want non-standard RTF (someone should
update the wiki). Should we assume UTF-8? Are you sure we don't have any
modules with ISO-8859-something encoded values?
If we choose any ASCII superset encoding we have to consider
To sum up, we would need to agree on and specify a RTF subset which is
Unicode-aware (UTF-8 only?), and implement a Unicode-aware transducer
for it.
On 21.05.2014 15:59, Jaak Ristioja wrote:
So this means that actually we want non-standard RTF
The encoding of the conf is either cp1252 (the default, but called latin 1) or
utf-8. The encoding of the conf matches that of the module. This may cause the
conf to be read twice, once for the default and once for UTF-8, if the module
encoding is set to UTF-8.
There have been confs that are
On May 21, 2014 8:00 AM, Jaak Ristioja j...@ristioja.ee wrote:
So this means that actually we want non-standard RTF (someone should
update the wiki). Should we assume UTF-8? Are you sure we don't have any
modules with ISO-8859-something encoded
Greg
On May 19, 2014 5:12 PM, Jaak Ristioja j...@ristioja.ee wrote:
Hi!
1) According to http://www.crosswire.org/wiki/DevTools:conf_Files the
\u control word should be followed by a 16-bit signed integer. The
wiki page doesn't mention this,
Take care with Right to Left languages such as Hebrew.
i.e. After any patches to the filter, please include some testing for BiDi
text in the About= field and others.
David
Hi!
1) According to http://www.crosswire.org/wiki/DevTools:conf_Files the
\u control word should be followed by a 16-bit signed integer. The
wiki page doesn't mention this, but I assume it is in ASCII in decimal
form.
The RTFHTML filter code appears
Similar to my question about the Plain filters:
Is anyone using the RTFHTML filter?
It supports only four RTF tags. I believe this was used by BibleTime to
convert RTF in .conf About values to HTML. Is it still used by
BibleTime? Is it used elsewhere?
--Chris
What does SwordWEB use to display About from the conf? Does SWORD have any
other code that translates the RTF unicode markup that is in some confs? How
would any frontend handle the 4 RTF codes?
How do other frontends handle the RTF in the About?
Is there a plan for the conf to go to a
Both Eloquent and PS have our own (shared) code that handles the 4 RTF codes,
so we're fine. :)
I guess ideally it would be better to switch the About conf stuff to html, but
there's no urgent need in my books... :)
Thanks, ybic
nic... :)
On 24/06/2013, at 9:30 PM, DM Smith
A huge proportion of our module conf files make use of the RTF tag \par as
documented in
http://crosswire.org/wiki/DevTools:conf_Files
Some make use of \pard and \qc
A few even make use of \u{num}? - for Unicode characters in those files not
encoded as UTF-8.
So the question arises, if you
BibleTime still uses it in the method getFormattedConfigEntry.
Xiphos does not invoke the filter directly anywhere in its code.
--Greg
On Mon, Jun 24, 2013 at 6:12 AM, Chris Little chris...@crosswire.org wrote:
Similar to my question about the Plain filters:
Is anyone using the RTFHTML
Hi Chris,
I thought BPBible used it, but it turns out I was wrong. We just run a
list of 6 or 7 regex replacements over the RTF string which presumably were
meant to cover every case that has been thrown at us so far. Haven't heard
of any cases it doesn't work for.
Jon
On Mon, Jun 24, 2013
21 matches