Arvind Srinivasan <arvi.sriniva...@sun.com> wrote:
> The changesets on the History page don't seem to be clickable.
> http://src.opensolaris.org/source/history/webstack/php5/

speaking of that output, could someone please make it valid? it's probably XSSable (although hopefully no one actually bothers)

here's an example:

    <a href="http://www.opensolaris.org/viewProfile.jspa?username="Sriram Natarajan <sriram.natara...@sun.com>"">"Sriram Natarajan <sriram.natara...@sun.com>"</a>

Note that the username field includes quotes but they're the same quotes that are used by the href attribute.

If you use view-source in firefox, it'll color the tags red and purple in places which are clearly not intended.

The parsing is basically

    {invalid-unclosed-tag}<a href="
    {attribute}http://www.opensolaris.org/viewProfile.jspa?username={!}
    "Sriram Natarajan {!}
    {tag}<sriram.natara...@sun.com>{!}
    "">"Sriram Natarajan
    {tag}<sriram.natara...@sun.com>{!}
    "
    {tag}</a>{!}

The correct thing to do is to html_quote the username thing (in perl, that'd be:

    # escape & first so the entities added below are not escaped again
    $username =~ s/&/&amp;/g;
    $username =~ s/"/&quot;/g;
    $username =~ s/>/&gt;/g;
    $username =~ s/</&lt;/g;
)

that'd give for the first part, this:

    <a href="http://www.opensolaris.org/viewProfile.jspa?username=&quot;Sriram Natarajan &lt;sriram.natara...@sun.com&gt;&quot;">

and for the second part, this:

    &quot;Sriram Natarajan &lt;sriram.natara...@sun.com&gt;&quot;" </a>

_______________________________________________
tools-discuss mailing list
tools-discuss@opensolaris.org
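
The effect of html_quote on the link above, as an added example in Python (not code from the message or from the history page's source): it builds the anchor both ways and feeds each to an HTML parser to show what href and link text actually result. The names naive_link, quoted_link and parse are hypothetical; the url_encode option goes beyond the message by also percent-encoding the name as a query parameter.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

PROFILE_URL = "http://www.opensolaris.org/viewProfile.jspa?username="
# Committer string taken from the message above (address truncated there).
USERNAME = '"Sriram Natarajan <sriram.natara...@sun.com>"'


def naive_link(username):
    """Interpolate the name unescaped, which yields the markup quoted above."""
    return '<a href="%s%s">%s</a>' % (PROFILE_URL, username, username)


def quoted_link(username, url_encode=False):
    """html_quote the name in both the href attribute and the link text."""
    # Assumption beyond the message: optionally percent-encode the parameter.
    param = quote(username, safe="") if url_encode else username
    href = escape(PROFILE_URL + param, quote=True)
    return '<a href="%s">%s</a>' % (href, escape(username, quote=True))


class Collector(HTMLParser):
    """Record start tags (with attributes) and text as the parser sees them."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def parse(markup):
    """Return ([(tag, attrs), ...], text) for a markup fragment."""
    c = Collector()
    c.feed(markup)
    c.close()
    return c.tags, "".join(c.text)


if __name__ == "__main__":
    for label, markup in (("naive", naive_link(USERNAME)),
                          ("quoted", quoted_link(USERNAME)),
                          ("quoted+urlencoded", quoted_link(USERNAME, True))):
        print(label, parse(markup))
```

In the naive case the href stops at the name's first quote and the rest of the name is read as attributes and a stray tag; in the quoted case the parser returns exactly one a tag whose href and text contain the full name.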