Zope 2

ZPT escapes attributes when it shouldn't

Bug #142378 reported by Bug Importer on 2002-12-12

Affects		Status	Importance	Assigned to	Milestone
	Zope 2	Fix Released	Medium	Unassigned

Bug Description

ZPT escapes the ampersand of character entities
in attributes. They should not be escaped since
they are legal HTML and needed to make accented
characters, for example in <img alt="">

To check this, put the following line in a Template
and view the result.

Tags:

Revision history for this message

Evan Simpson (evan-4-am) wrote on 2002-12-16:

Status: Pending => Resolved

Fixed in CVS trunk by not escaping ampersands in attributes that start off a syntactically valid character entity. Note that this includes semantic nonsense such as "&blah;" and "&#99999999999;" as well as valid entities such as "á" and "d".

Revision history for this message

Christian Theune (ctheune) wrote on 2003-09-09:

Status: Resolved => Pending

I currently discovered this behaviour on a HEAD checkout from 2003/07/14.

Is it possible this bug slipped in again? Also in XML mode i discovered that the attributes are presented after character reference substitution (happens only in the attributes, not the rest of the document).

So this happens to an attribute "string:ä":

Macro-Expansion On | Macro-Expansion Off

XML-Mode "string:ä" | "string:ä":

HTML-Mode "string:&#xe4;" | "string:ä":

I tried to locate it further. It happens somewhere in the
interpret() method from the TALInterpreter.

Revision history for this message

Christian Theune (ctheune) wrote on 2003-09-19:

Changes: edited transcript, revised version_info

Revision history for this message

Evan Simpson (evan-4-am) wrote on 2003-10-01:

This *should* be fixed now in the CVS trunk and 2.7 branch. Interested parties please test and comment.

Revision history for this message

ChrisW (chris-simplistix) wrote on 2004-09-24:

Status: Pending => Deferred

Final call for testing Evan's fixes for this.

If no-one's having problems, this will get marked as resolved in a month's time...

Revision history for this message

ChrisW (chris-simplistix) wrote on 2004-11-26:

Status: Deferred => Resolved

No response, so I'm assuming the testing went fine, so marking as resolved.

Revision history for this message

Larry Bates (lbates35476) wrote on 2005-02-10:

Seems that this was resolved prematurely. It is still escaping ampersands in 2.7.4-0 version that I'm using.

Revision history for this message

ChrisW (chris-simplistix) wrote on 2005-02-11:

Status: Resolved => Pending

Then you should have "resubmit" -ed ;-)
I have now...

Please provde a clear explanation of your problem with details steps on how to reproduce.

Revision history for this message

Andres Herrera (andresh) wrote on 2008-04-13:

Hi, continues even with the problems in the newer versions?

Changed in zope2:
status:	New → Incomplete

Revision history for this message

Hanno Schlichting (hannosch) wrote on 2010-02-26:

#10

Tested the "<span alt="á"></span>" snippet in a page template in Zope 2.12 and it doesn't quote the ampersand but keeps the entity intact.

Changed in zope2:
status:	Incomplete → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.