Relationship Graph

View IssueDependency GraphShow Summary
Relationship Graph
related to related to child of child of duplicate of duplicate of

View Issue Details

WikiRelated ChangesetsJump to Notes
IDProjectCategoryView StatusDate SubmittedLast Update
0008539mantisbtrsspublic2007-11-02 11:112010-12-15 18:13
Reporterdeboutv Assigned Todhx  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.1.0rc2 
Target Version1.2.0Fixed in Version1.2.0 
Summary0008539: Special (nominally HTML) characters are not parsed correctly in RSS feed output
Description

HTML tags are not escaped in the RSS feed. By example the tag <hr> must be escaped like this <hr>

TagsNo tags attached.
Attached Files
bugtracker-1.png (18,260 bytes)   
bugtracker-1.png (18,260 bytes)   
bugtracker-2.png (9,658 bytes)   
bugtracker-2.png (9,658 bytes)   

Relationships

Relationship GraphDependency Graph
related to 0010772 new RSS feed does not appear proper formatted in Google Chrome 

Activities

deboutv

deboutv

2007-11-02 11:20

reporter   ~0016068

Last edited: 2007-11-02 11:25

Initialy I wrote: 

&amp;lt;hr&amp;gt;

See 0008540 about &amp; escape bug.
giallu

giallu

2007-11-29 05:53

reporter   ~0016323

let test this then
<hr>
giallu

giallu

2007-11-29 05:57

reporter   ~0016324

one question: is your installation set up to allow <hr> tags on comments?
giallu

giallu

2007-11-29 06:16

reporter   ~0016325

bold test
deboutv

deboutv

2007-11-29 08:18

reporter   ~0016326

Giallu, your question is a test or a real question to me?
giallu

giallu

2007-11-29 09:53

reporter   ~0016328

it was a real question, sorry for messing it up into other test comments :)

Actually, I am not able to reproduce this on this tracker, nor on the mantisdemo one...
deboutv

deboutv

2007-11-29 14:39

reporter   ~0016331

Last edited: 2007-11-29 14:40

Strange, see my snapshots of this bugtracker ;) In the RSS the description is not the same...
giallu

giallu

2007-11-29 18:33

reporter   ~0016336

Yes, I can reproduce that. but the actual sources for that feed item is (I hope it is preserved...)

<item>
<title>0008539: Issue with HTMl tags</title>
<link>http://www.mantisbt.org/bugs/view.php?id=8539</link>

<description>HTML tags are not escaped in the RSS feed. By example the tag <hr> must be escaped like this &lt;hr&gt;</description>
<guid>http://www.mantisbt.org/bugs/view.php?id=8539</guid>
<author>deboutv <deboutv@example.com></author>
<comments>http://www.mantisbt.org/bugs/view.php?id=8539#bugnotes</comments>
</item>

So it seems they are actually escaped, but to be consistent with web page we would need to escape again the ampersand (so double quoting)

Looks reasonable?
rbendig

rbendig

2007-11-30 03:16

reporter   ~0016337

the first <hr> tag is not escaped... ?

Related Changesets

MantisBT: master-1.2.x 8f92d886

2010-02-07 20:53

dhx


Details Diff		 Fix 0008539: Special characters not parsed correctly in RSS output

PHP's DOMDocument::createTextNode automatically escapes special
characters within the node value. Therefore we don't need to double
escape these special characters (in particular, the ampersand) using
string_rss_links(...) when PHP already does the escaping for us.

Use of DOMDocument::createCDATASection doesn't escape special characters
and thus we still need to use string_rss_links(...) to do our own
escaping of the description field.		 Affected Issues
0008539
mod - issues_rss.php Diff File

MantisBT: master aa058c53

2010-02-07 20:53

dhx


Details Diff		 Fix 0008539: Special characters not parsed correctly in RSS output

PHP's DOMDocument::createTextNode automatically escapes special
characters within the node value. Therefore we don't need to double
escape these special characters (in particular, the ampersand) using
string_rss_links(...) when PHP already does the escaping for us.

Use of DOMDocument::createCDATASection doesn't escape special characters
and thus we still need to use string_rss_links(...) to do our own
escaping of the description field.		 Affected Issues
0008539
mod - issues_rss.php Diff File