Re: [lmi] [PATCH] Escape strings inserted into HTML in group quotes report generation code
Fri, 28 Aug 2015 16:46:32 +0000
On 2015-08-27 18:14, Vadim Zeitlin wrote:
> After looking at the footer use, I've realized that it could be corrupted
> if it contained any special XML characters such as "<" or "&" and while
> this looks unlikely, it's better to guard against this, so the attached
> patch does just this. To see its effect, try using e.g. "<whatever>" as
> MarketingNameFootnote field value: it appears as expected in the report now
> whereas it was simply lost before.
Committed 20150828T1645Z, revision 6273.
I escaped 'report_data_.company_' in one more place where it was apparently
overlooked. I did the same for 'report_data_.premium_mode_', even though
that string comes from lmi and will certainly never contain any special
character--to treat similar things similarly I feel compelled--because
removing the escaping in the place that had it already looked worse than
adding it where it was missing. But wait...test before committing I must...
Subtle you are. Deliberate it was. Committed my mistaken changes were not.
This corporation name:
" ' xyz < & > ® xyz " '
comes through as intended. 'REGISTERED SIGN' (U+00AE) isn't special for XML,
but we'll need to use it in the banner, so I wanted to be sure it works.
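
The effect described in this thread, as an added example that is not part of the original messages or of lmi's code: `escape_for_html` and `visible_text` are hypothetical names, and `visible_text` is a constructed stand-in for an HTML renderer that discards anything shaped like a tag.

```cpp
#include <iostream>
#include <string>
#include <utility>

// Hypothetical helper (not lmi's own): escape characters special in HTML/XML.
std::string escape_for_html(std::string const& s)
{
    std::string out;
    for(char c : s)
        switch(c)
        {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c; // everything else, UTF-8 bytes of U+00AE included
        }
    return out;
}

// Constructed stand-in for a renderer: drops tag-shaped text, decodes entities.
std::string visible_text(std::string const& html)
{
    static std::pair<std::string, char> const entities[] =
        {{"&amp;", '&'}, {"&lt;", '<'}, {"&gt;", '>'}, {"&quot;", '"'}, {"&#39;", '\''}};
    std::string out;
    for(std::size_t i = 0; i < html.size(); ++i)
    {
        if('<' == html[i])
        {
            std::size_t const close = html.find('>', i);
            if(std::string::npos == close) break; // unterminated tag eats the rest
            i = close; continue;
        }
        char c = html[i];
        for(auto const& e : entities)
            if(0 == html.compare(i, e.first.size(), e.first))
                { c = e.second; i += e.first.size() - 1; break; }
        out += c;
    }
    return out;
}

int main()
{
    std::cout << "raw: [" << visible_text("<whatever>") << "]\n";
    std::cout << "escaped: [" << visible_text(escape_for_html("<whatever>")) << "]\n";
}
```

The unescaped value renders as an empty string, while the escaped one renders as the literal text `<whatever>`.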