
Opened 5 years ago

Closed 3 years ago

#11445 closed (invalid)

truncatewords_html doesn't correctly detect HTML entities.

Reported by: Cld
Owned by: nobody
Component: Template system
Version: master
Severity:
Keywords: truncatewords_html
Cc:
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

truncatewords_html doesn't correctly detect HTML entities and detects '& something and something more ;' as an HTML entity.

text = 'john paul george & ringo are very ; good musicien'

django.template.defaultfilters.truncatewords_html(text,3) : u'john paul george ...'

django.template.defaultfilters.truncatewords_html(text,4) : u'john paul george & ringo are very ; good ...'

Attachments (0)

Change History (8)

comment:1 Changed 5 years ago by seveas

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Your example is invalid HTML, you need &amp; instead of &. I don't think you should blame this one on Django.

comment:2 Changed 5 years ago by Cld

Yes, but you can always have bad data from an external data source. And an entity can't contain a space; in this case "& " needs to be ignored.

comment:3 Changed 5 years ago by seveas

Err, filters are merely display functions. Validation should be done way before data even reaches a filter!

comment:4 follow-up: Changed 5 years ago by Cld

In all cases, &'space'something'space'; needs to be considered as separate characters and not an HTML entity (an entity can't contain a space, and bad or unknown entities need to be displayed as is)

comment:5 in reply to: ↑ 4 Changed 5 years ago by JohnDoe

Replying to Cld:

In all cases, &'space'something'space'; needs to be considered as separate characters and not an HTML entity (an entity can't contain a space, and bad or unknown entities need to be displayed as is)

I opened up the HTML4.01 standard and looked at it. I'm not sure where you're getting your information for your arguments.
What you, in fact, should be doing is not allowing invalid HTML, it opens up for various security holes and it's easy to avoid.

comment:6 Changed 5 years ago by Alex

  • Triage Stage changed from Unreviewed to Accepted

comment:7 Changed 3 years ago by vanschelven

I'm not sure why this was marked as accepted... JohnDoe's & seveas' argument is correct.

Can someone with the proper authority make a decision and (preferably) close the ticket as invalid?

comment:8 Changed 3 years ago by lukeplant

  • Resolution set to invalid
  • Status changed from new to closed

Agreed - given invalid input, you cannot expect better, and the current output is no better or worse than the alternatives.
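
Added example, not part of the ticket and not Django's code: the normalisation step the thread argues for, applied to externally sourced HTML before it reaches a truncation filter. `PERMISSIVE`, `escape_bare_ampersands` and `truncate_words` are hypothetical names; the tokenizer pattern is an assumption written to reproduce the output reported above.

```python
import re

# Syntactically well-formed character reference: named, decimal or hex,
# with nothing but the name/number between '&' and ';'.
_REF = r"(?:[A-Za-z][A-Za-z0-9]*|#[0-9]+|#[xX][0-9A-Fa-f]+);"
BARE_AMP = re.compile(r"&(?!" + _REF + r")")

# Assumption: a permissive tokenizer (any '&...;' run is one entity). It is
# written here to reproduce the ticket's output, not copied from Django.
PERMISSIVE = re.compile(r"&.*?;|<.*?>|(\w[\w-]*)")


def escape_bare_ampersands(html):
    """Turn every '&' that does not start a well-formed reference into '&amp;'.

    Unknown names such as '&bogus;' are left alone: they are well-formed
    syntax, and deciding what to do with them is a separate policy choice.
    """
    return BARE_AMP.sub("&amp;", html)


def truncate_words(html, length, tokens=PERMISSIVE):
    """Toy truncation: cut after `length` words, skipping tags and entities.

    Unlike a real HTML truncator it does not close open tags.
    """
    if length <= 0:
        return ""
    seen, cut = 0, None
    for m in tokens.finditer(html):
        if m.group(1) is None:      # tag or entity, not a word
            continue
        seen += 1
        if seen == length:
            cut = m.end()
        elif seen > length:
            return html[:cut] + " ..."
    return html


if __name__ == "__main__":
    text = "john paul george & ringo are very ; good musicien"  # from the ticket
    print(truncate_words(text, 4))                           # raw input
    print(truncate_words(escape_bare_ampersands(text), 4))   # normalised first
```

Running the normalisation once at the point where external data is accepted keeps the stored value valid HTML, so every later display function sees the same well-formed input.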
