View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008539 | mantisbt | rss | public | 2007-11-02 11:11 | 2010-12-15 18:13 |
Reporter | deboutv | Assigned To | dhx | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.1.0rc2 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0008539: Special (nominally HTML) characters are not parsed correctly in RSS feed output | ||||
Description | HTML tags are not escaped in the RSS feed. By example the tag <hr> must be escaped like this <hr> | ||||
Tags | No tags attached. | ||||
Attached Files | |||||
related to | 0010772 | new | RSS feed does not appear proper formatted in Google Chrome |
Initialy I wrote: <pre>&lt;hr&gt;</pre> See 0008540 about & escape bug. |
|
let test this then |
|
one question: is your installation set up to allow <hr> tags on comments? |
|
<b>bold test</b> |
|
Giallu, your question is a test or a real question to me? |
|
it was a real question, sorry for messing it up into other test comments :) Actually, I am not able to reproduce this on this tracker, nor on the mantisdemo one... |
|
Strange, see my snapshots of this bugtracker ;) In the RSS the description is not the same... |
|
Yes, I can reproduce that. but the actual sources for that feed item is (I hope it is preserved...) <item> <description>HTML tags are not escaped in the RSS feed. By example the tag <hr> must be escaped like this <hr></description> So it seems they are actually escaped, but to be consistent with web page we would need to escape again the ampersand (so double quoting) Looks reasonable? |
|
the first <hr> tag is not escaped... ? |
|
MantisBT: master-1.2.x 8f92d886 2010-02-07 20:53 Details Diff |
Fix 0008539: Special characters not parsed correctly in RSS output PHP's DOMDocument::createTextNode automatically escapes special characters within the node value. Therefore we don't need to double escape these special characters (in particular, the ampersand) using string_rss_links(...) when PHP already does the escaping for us. Use of DOMDocument::createCDATASection doesn't escape special characters and thus we still need to use string_rss_links(...) to do our own escaping of the description field. |
Affected Issues 0008539 |
|
mod - issues_rss.php | Diff File | ||
MantisBT: master aa058c53 2010-02-07 20:53 Details Diff |
Fix 0008539: Special characters not parsed correctly in RSS output PHP's DOMDocument::createTextNode automatically escapes special characters within the node value. Therefore we don't need to double escape these special characters (in particular, the ampersand) using string_rss_links(...) when PHP already does the escaping for us. Use of DOMDocument::createCDATASection doesn't escape special characters and thus we still need to use string_rss_links(...) to do our own escaping of the description field. |
Affected Issues 0008539 |
|
mod - issues_rss.php | Diff File |