Opened 15 years ago
Closed 14 years ago
#11445 closed (invalid)
truncatewords_html doesn't correctly detect HTML entities.
Reported by: | Cld | Owned by: | nobody |
---|---|---|---|
Component: | Template system | Version: | dev |
Severity: | | Keywords: | truncatewords_html |
Cc: | | Triage Stage: | Accepted |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
truncatewords_html doesn't correctly detect HTML entities and detects '& something and something more ;' as an HTML entity.
text = 'john paul george & ringo are very ; good musicien'
django.template.defaultfilters.truncatewords_html(text,3) : u'john paul george ...'
django.template.defaultfilters.truncatewords_html(text,4) : u'john paul george & ringo are very ; good ...'
Change History (8)
comment:1 by , 15 years ago
comment:2 by , 15 years ago
Yes, but you can always have bad data from an external data source. And an entity can't contain a space; in this case "& " needs to be ignored.
comment:3 by , 15 years ago
Err, filters are merely display functions. Validation should be done way before data even reaches a filter!
follow-up: 5 comment:4 by , 15 years ago
In all cases, &'space'something'space'; needs to be considered as separate characters and not an HTML entity (an entity can't contain a space, and bad or unknown entities need to be displayed as is).
comment:5 by , 15 years ago
Replying to Cld:
In all cases, &'space'something'space'; needs to be considered as separate characters and not an HTML entity (an entity can't contain a space, and bad or unknown entities need to be displayed as is).
I opened up the HTML4.01 standard and looked at it. I'm not sure where you're getting your information for your arguments.
What you, in fact, should be doing is not allowing invalid HTML; it opens up various security holes and it's easy to avoid.
comment:6 by , 15 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:7 by , 14 years ago
I'm not sure why this was marked as accepted... JohnDoe's & seveas' argument is correct.
Can someone with the proper authority make a decision and (preferably) close the ticket as invalid?
comment:8 by , 14 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Agreed - given invalid input, you cannot expect better, and the current output is no better or worse than the alternatives.
Your example is invalid html, you need &amp; instead of &. I don't think you should blame this one on Django.
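
Added example, not part of the ticket and not Django's code: a simplified word truncator run over the ticket's sample string, comparing a loose entity pattern with a strict one and with escaping the text before it reaches the filter. The names `truncate_words`, `escape_then_truncate`, `LOOSE_ENTITY` and `STRICT_ENTITY` are hypothetical, and the loose pattern is an assumption chosen to reproduce the reported output.

```python
import html
import re

# Constructed from the ticket's sample string.
SAMPLE = "john paul george & ringo are very ; good musicien"

# Assumption: a loose pattern like this models the reported behaviour,
# where everything from '&' to the next ';' is taken as one entity.
LOOSE_ENTITY = r"&.*?;"
# Strict: named, decimal or hex character reference, no whitespace allowed.
STRICT_ENTITY = r"&(?:#[0-9]+|#[xX][0-9a-fA-F]+|[A-Za-z][A-Za-z0-9]*);"


def truncate_words(text, limit, entity_pattern):
    """Keep the first `limit` words of `text`; entities pass through uncounted.

    Hypothetical simplified truncator (no tag handling).
    """
    if limit <= 0:
        return ""
    token = re.compile(r"(?:%s)|(?P<word>\w[\w-]*)" % entity_pattern)
    words = 0
    cut = len(text)
    for m in token.finditer(text):
        if m.group("word") is None:
            continue  # matched as an entity: skipped, not counted
        words += 1
        if words == limit:
            cut = m.end()  # truncation point is the end of the last kept word
        elif words > limit:
            return text[:cut] + " ..."
    return text


def escape_then_truncate(text, limit):
    """Escape plain text from an external source first, then truncate."""
    return truncate_words(html.escape(text), limit, LOOSE_ENTITY)


if __name__ == "__main__":
    print(truncate_words(SAMPLE, 4, LOOSE_ENTITY))
    print(truncate_words(SAMPLE, 4, STRICT_ENTITY))
    print(escape_then_truncate(SAMPLE, 4))
```

`html.escape` is only appropriate here because the input is plain text; markup that is meant to be rendered has to be validated or sanitized by other means before display.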