Opened 7 years ago

Closed 6 years ago

#11445 closed (invalid)

truncatewords_html doesn't correctly detect HTML entities.

Reported by: Cld
Owned by: nobody
Component: Template system
Version: master
Severity:
Keywords: truncatewords_html
Cc:
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

truncatewords_html doesn't correctly detect HTML entities and detects '& something and something more ;' as an HTML entity.

text = 'john paul george & ringo are very ; good musicien'

django.template.defaultfilters.truncatewords_html(text,3) : u'john paul george ...'

django.template.defaultfilters.truncatewords_html(text,4) : u'john paul george & ringo are very ; good ...'

Change History (8)

comment:1 Changed 7 years ago by Dennis Kaarsemaker

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

Your example is invalid HTML, you need &amp;amp; instead of &amp;. I don't think you should blame this one on Django.

comment:2 Changed 7 years ago by Cld

Yes, but you can always have bad data from an external data source. And an entity can't contain a space; in this case "& " needs to be ignored.

comment:3 Changed 7 years ago by Dennis Kaarsemaker

Err, filters are merely display functions. Validation should be done way before data even reaches a filter!

comment:4 Changed 7 years ago by Cld

In any case, &'space'something'space'; needs to be considered as separate characters and not an HTML entity (an entity can't contain a space, and bad or unknown entities need to be displayed as is).

comment:5 in reply to:  4 Changed 7 years ago by JohnDoe

Replying to Cld:

In any case, &'space'something'space'; needs to be considered as separate characters and not an HTML entity (an entity can't contain a space, and bad or unknown entities need to be displayed as is).

I opened up the HTML4.01 standard and looked at it. I'm not sure where you're getting your information for your arguments.
What you, in fact, should be doing is not allowing invalid HTML; it opens up various security holes and it's easy to avoid.

comment:6 Changed 7 years ago by Alex Gaynor

Triage Stage: Unreviewed → Accepted

comment:7 Changed 6 years ago by Klaas van Schelven

I'm not sure why this was marked as accepted... JohnDoe's & seveas' argument is correct.

Can someone with the proper authority make a decision and (preferably) close the ticket as invalid?

comment:8 Changed 6 years ago by Luke Plant

Resolution: invalid
Status: new → closed

Agreed - given invalid input, you cannot expect better, and the current output is no better or worse than the alternatives.
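
The point made in comments 1 and 3 (write `&amp;`, and validate before the data reaches a display filter), as an added example that is not part of the ticket or of Django's code. The function names are hypothetical, the check uses Python's HTML5 entity table rather than the HTML 4.01 list mentioned in the thread, and it assumes the rest of the markup has already been sanitized.

```python
import re
from html.entities import html5  # keys carry the trailing ";", e.g. "amp;"

# An "&", optionally followed by a syntactically well-formed reference body
# and ";": decimal (&#38;), hex (&#x26;) or named (&amp;).
_AMP = re.compile(r"&(?:(#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);)?")


def _is_reference(match):
    """True if the match is a numeric reference or a known named entity."""
    body = match.group(1)
    if body is None:          # bare "&", as in "& ringo are very ;"
        return False
    if body.startswith("#"):  # numeric; the code point range is not checked
        return True
    return body + ";" in html5


def find_stray_ampersands(text):
    """Offsets of every "&" that does not start a character reference."""
    return [m.start() for m in _AMP.finditer(text) if not _is_reference(m)]


def escape_stray_ampersands(text):
    """Rewrite each stray "&" as "&amp;", leaving real references untouched."""
    return _AMP.sub(
        lambda m: m.group(0) if _is_reference(m) else "&amp;" + m.group(0)[1:],
        text,
    )


# The ticket's sample string (invalid as HTML because of the bare "&").
SAMPLE = "john paul george & ringo are very ; good musicien"

if __name__ == "__main__":
    print(find_stray_ampersands(SAMPLE))    # where validation would reject
    print(escape_stray_ampersands(SAMPLE))  # repaired text for the filter
```

`find_stray_ampersands` suits a reject-on-input policy; `escape_stray_ampersands` suits repairing external data before it is stored or rendered.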
