[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lmi] [PATCH] Escape strings inserted into HTML in group quotes repo

From: Greg Chicares
Subject: Re: [lmi] [PATCH] Escape strings inserted into HTML in group quotes report generation code
Date: Fri, 28 Aug 2015 16:46:32 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.3.0

On 2015-08-27 18:14, Vadim Zeitlin wrote:
>  After looking at the footer use, I've realized that it could be corrupted
> if it contained any special XML characters such as "<" or "&" and while
> this looks unlikely, it's better to guard against this, so the attached
> patch does just this. To see its effect, try using e.g. "<whatever>" as
> MarketingNameFootnote field value: it appears as expected in the report now
> whereas it was simply lost before.

Committed 20150828T1645Z, revision 6273.

I escaped 'report_data_.company_' in one more place where it was apparently
overlooked. I did the same for 'report_data_.premium_mode_ ', even though
that string comes from lmi and will certainly never contain any special
character--to treat similar things similarly I feel compelled--because
removing the escaping in the place that had it already looked worse than
adding it where it was missing. But wait...test before committing I must...

Subtle you are. Deliberate it was. Committed my mistaken changes were not.

This corporation name:
  " ' xyz < & > ® xyz " '
comes through as intended. 'REGISTERED SIGN' (U+00AE) isn't special for XML,
but we'll need to use it in the banner, so I wanted to be sure it works.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]