Opened 17 years ago
Closed 17 years ago
#6514 closed (fixed)
urlize does not escape url correctly
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Template system | Version: | dev |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
urlize leaves unencoded characters in href attributes. In particular, & must be escaped as & for valid XHTML. I believe unescaped '&'s are also invalid in HTML but HTML parsers are forgiving about this.
From the regression tests, http://example.com/x=&y= is converted to <a href="http://example.com/x=&y=" rel="nofollow">http://example.com/x=&y=</a>.
It should be converted to <a href="http://example.com/x=&y=" rel="nofollow">http://example.com/x=&y=</a>.
Attachments (4)
Change History (9)
comment:1 by , 17 years ago
| Summary: | urlize does not escape & characters → urlize does not escape url correctly |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
by , 17 years ago
| Attachment: | urlize.diff added |
|---|
comment:2 by , 17 years ago
| Has patch: | set |
|---|
comment:3 by , 17 years ago
| Patch needs improvement: | set |
|---|
This needs a change to the regression test.
by , 17 years ago
by , 17 years ago
| Attachment: | 6514.2.diff added |
|---|
by , 17 years ago
| Attachment: | 6514.3.diff added |
|---|
comment:4 by , 17 years ago
| Patch needs improvement: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
Phew! It wasn't doing anything like it should have been doing.
comment:5 by , 17 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note:
See TracTickets
for help on using tickets.
Escapes all ampersands.