[jira] Created: (SHINDIG-915) Ampersands in attributes not handled properly by Neko HTML parser code

Adam Winer (JIRA) Fri, 13 Feb 2009 11:33:26 -0800

Ampersands in attributes not handled properly by Neko HTML parser code
----------------------------------------------------------------------


                 Key: SHINDIG-915
                 URL: https://issues.apache.org/jira/browse/SHINDIG-915
             Project: Shindig
          Issue Type: Bug
            Reporter: Adam Winer
            Priority: Trivial


Content like:
  <span title="&amp;lt;">content</span>
gets serialized out to:
  <span title="&lt;">content</span>
... so instead of showing "&lt;" as a tooltip, you'd just get "<".  I don't see 
any security implications on modern browsers, so priority is very low.

The fix is to change NekoSimplifiedHtmlParser and NekoSerializer to escape & in 
attributes to &amp;. The existing code only escapes " to &quot;.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Created: (SHINDIG-915) Ampersands in attributes not handled properly by Neko HTML parser code

Reply via email to