Project

General

Profile

Actions
Copy link

Defect #6969

open

Less-than sign in issue description and comments are not escaped

Added by Magnus Henoch over 13 years ago. Updated over 3 years ago.

Status:
Reopened
Priority:
Normal
Assignee:
Jean-Philippe Lang
Category:
Text formatting
Target version:
Candidate for next major release
Start date:
2010-11-24
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed
Affected version:
1.0.3

Description

When an issue description or comment contains a less-than sign (<), this sign is output verbatim in the issue page, instead of being escaped with ampersand-"lt"-semicolon. This causes the issue details page to be invalid XHTML, which is contrary to the page's doctype, and makes it impossible to read the page with an XML parser. I created an issue on the demo site to demonstrate the problem.

To reproduce, run xmllint URL-OF-ISSUE-PAGE, like this:

$ xmllint http://demo.redmine.org/issues/38181
http://demo.redmine.org/issues/38181:166: parser error : StartTag: invalid element name
<p>Hm: <</p>
        ^
http://demo.redmine.org/issues/38181:241: parser error : StartTag: invalid element name
mg alt="Comment" src="/images/comment.png?1286930539" /></a></div><p>And this? <
                                                                               ^
http://demo.redmine.org/issues/38181:330: parser error : Entity 'copy' not defined
    Powered by <a href="http://www.redmine.org/">Redmine</a> &copy; 2006-2010 Je
                                                                   ^

The third error is a false positive (xmllint doesn't know XHTML entities), but the first two errors are symptoms of this problem.

Files

issue6969_test_escaping.diff (576 Bytes) issue6969_test_escaping.diff Go MAEDA, 2015-10-01 10:26

Related issues

Related to Redmine - Defect #21202: Left aligned sign in tabular is not worked since applying #6969Closed

Actions
Actions
Copy link

Also available in: Atom PDF