Chamelon Core

chameleon unescapes entities while processing

Bug #350042 reported by Sidnei da Silva on 2009-03-28

Affects		Status	Importance	Assigned to	Milestone
	Chamelon Core	Fix Released	Low	Malthe Borch

Bug Description

Now the opposite bug as the previous one, about the double quote.

Chameleon doesn't escape extended, non-ascii characters where it should. Examples, from failing real world tests:

- “GuadaMen” is a member of these teams: My Team
+ “GuadaMen” is a member of these teams: My Team

- You can’t vote in this poll
+ You can’t vote in this poll

Sidnei da Silva (sidnei) on 2009-03-28

Changed in chameleon.core:
assignee:	nobody → mborch
importance:	Undecided → Medium

Revision history for this message

Sidnei da Silva (sidnei) wrote on 2009-03-29:

Added a failing test on r4015

Revision history for this message

Malthe Borch (mborch) wrote on 2009-03-30:

I wouldn't necessarily consider this a bug; HTML allows UTF-8 encoded characters, safe for "<", ">" and "&".

At any rate, escaping all non-ascii characters will be quite expensive and if desired, should probably be a configurable behavior, e.g. ``CHAMELEON_ESCAPE_ALL``.

Changed in chameleon.core:
importance:	Medium → Low

Revision history for this message

Malthe Borch (mborch) wrote on 2009-03-31:

In r4025, a fix has been committed which ensures that HTML entities appearing in the source document will be printed as-is in the template output.

The present issue however, calls for escasping all characters that cannot be expressed natively in the output character set (e.g. if 'ascii' is required, all non-ascii characters should be converted to HTML entities).

Changed in chameleon.core:
status:	New → Confirmed

Revision history for this message

Sidnei da Silva (sidnei) wrote on 2009-03-31:

Actually, this issue started out as failing to escape but it was a mistake: turned out to be that chameleon was unescaping entities while processing the template. Bug #352399 was opened to track the other issue.

summary:	- chameleon doesn't escape all characters it should + chameleon unescapes entities while processing
Changed in chameleon.core:
status:	Confirmed → Fix Committed

Sidnei da Silva (sidnei) on 2009-03-31

Changed in chameleon.core:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.