Opened 15 years ago

Closed 13 years ago

#11445 closed (invalid)

truncatewords_html does'nt correctly detect html entities.

Reported by: Cld Owned by: nobody
Component: Template system Version: dev
Severity: Keywords: truncatewords_html
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

truncatewords_html does'nt correctly detect html entities and detect '& something and something more ;' as a html entities.

text = 'john paul george & ringo are very ; good musicien'

django.template.defaultfilters.truncatewords_html(text,3) : u'john paul george ...'

django.template.defaultfilters.truncatewords_html(text,4) : u'john paul george & ringo are very ; good ...'

Change History (8)

comment:1 by Dennis Kaarsemaker, 15 years ago

Your example is invalid html, you need & instead of &. I don't think you should blame this one on Django.

comment:2 by Cld, 15 years ago

Yes, but you can always had bad data from external data source. And an entities can't be with a space, in this cas "& " need to be ignore.

comment:3 by Dennis Kaarsemaker, 15 years ago

Err, filters are merely display functions. Validation should be done way before data even reaches a filter!

comment:4 by Cld, 15 years ago

In all case, &'space'something'space'; need to be considerate has separate charactere and not and html entities (an entities can't contains space and bad or unknow entities need to be display has is)

in reply to:  4 comment:5 by JohnDoe, 15 years ago

Replying to Cld:

In all case, &'space'something'space'; need to be considerate has separate charactere and not and html entities (an entities can't contains space and bad or unknow entities need to be display has is)

I opened up the HTML4.01 standard and looked at it. I'm not sure where you're getting your information for your arguments.
What you, in fact, should be doing is not allowing invalid HTML, it opens up for various security holes and it's easy to avoid.

comment:6 by Alex Gaynor, 15 years ago

Triage Stage: UnreviewedAccepted

comment:7 by Klaas van Schelven, 13 years ago

I'm not sure why this was marked as accepted... JohnDoe's & seveas' argument is correct.

Can someone with the proper authority make a decision and (preferably) close the ticket as invalid?

comment:8 by Luke Plant, 13 years ago

Resolution: invalid
Status: newclosed

Agreed - given invalid input, you cannot expect better, and the current output is no better or worse than the alternatives.

Note: See TracTickets for help on using tickets.
Back to Top