[jira] Closed: (SHINDIG-915) Ampersands in attributes not handled properly by Neko HTML parser code

Vincent Siveton (JIRA) Thu, 05 Mar 2009 04:12:22 -0800

     [ 
https://issues.apache.org/jira/browse/SHINDIG-915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Vincent Siveton closed SHINDIG-915.
-----------------------------------

       Resolution: Fixed
    Fix Version/s: trunk
         Assignee: Vincent Siveton

fixed in [r750433|http://svn.apache.org/viewvc?rev=750433&view=rev]

> Ampersands in attributes not handled properly by Neko HTML parser code
> ----------------------------------------------------------------------
>
>                 Key: SHINDIG-915
>                 URL: https://issues.apache.org/jira/browse/SHINDIG-915
>             Project: Shindig
>          Issue Type: Bug
>            Reporter: Adam Winer
>            Assignee: Vincent Siveton
>            Priority: Trivial
>             Fix For: trunk
>
>
> Content like:
>   <span title="&amp;lt;">content</span>
> gets serialized out to:
>   <span title="&lt;">content</span>
> ... so instead of showing "&lt;" as a tooltip, you'd just get "<".  I don't 
> see any security implications on modern browsers, so priority is very low.
> The fix is to change NekoSimplifiedHtmlParser and NekoSerializer to escape & 
> in attributes to &amp;. The existing code only escapes " to &quot;.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (SHINDIG-915) Ampersands in attributes not handled properly by Neko HTML parser code

Reply via email to