View Issue Details

ID: 0008539
Project: mantisbt
Category: rss
View Status: public
Last Update: 2010-12-15 18:13
Reporter: deboutv
Assigned To: dhx
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.1.0rc2
Target Version: 1.2.0
Fixed in Version: 1.2.0
Summary: 0008539: Special (nominally HTML) characters are not parsed correctly in RSS feed output
Description

HTML tags are not escaped in the RSS feed. By example the tag <hr> must be escaped like this &lt;hr&gt;

Tags: No tags attached.
Attached Files
bugtracker-1.png (18,260 bytes)
bugtracker-2.png (9,658 bytes)

Relationships

related to 0010772 (new): RSS feed does not appear proper formatted in Google Chrome

Activities

deboutv

2007-11-02 11:20

reporter   ~0016068

Last edited: 2007-11-02 11:25

Initially I wrote: <pre>&amp;lt;hr&amp;gt;</pre>

See 0008540 about &amp; escape bug.

giallu

2007-11-29 05:53

reporter   ~0016323

let's test this then
<hr>

giallu

2007-11-29 05:57

reporter   ~0016324

one question: is your installation set up to allow <hr> tags on comments?

giallu

2007-11-29 06:16

reporter   ~0016325

<b>bold test</b>

deboutv

2007-11-29 08:18

reporter   ~0016326

Giallu, is your question a test or a real question to me?

giallu

2007-11-29 09:53

reporter   ~0016328

it was a real question, sorry for messing it up into other test comments :)

Actually, I am not able to reproduce this on this tracker, nor on the mantisdemo one...

deboutv

2007-11-29 14:39

reporter   ~0016331

Last edited: 2007-11-29 14:40

Strange, see my snapshots of this bugtracker ;) In the RSS the description is not the same...

giallu

2007-11-29 18:33

reporter   ~0016336

Yes, I can reproduce that, but the actual source for that feed item is (I hope it is preserved...):

<item>
<title>0008539: Issue with HTMl tags</title>
<link>http://www.mantisbt.org/bugs/view.php?id=8539</link>
<description>HTML tags are not escaped in the RSS feed. By example the tag <hr> must be escaped like this &lt;hr&gt;</description>
<guid>http://www.mantisbt.org/bugs/view.php?id=8539</guid>
<author>deboutv <deboutv@example.com></author>
<comments>http://www.mantisbt.org/bugs/view.php?id=8539#bugnotes</comments>
</item>

So it seems they are actually escaped, but to be consistent with the web page we would need to escape the ampersand again (so double quoting).

Looks reasonable?

rbendig

2007-11-30 03:16

reporter   ~0016337

the first <hr> tag is not escaped... ?

Related Changesets

MantisBT: master-1.2.x 8f92d886

2010-02-07 20:53

dhx


Fix 0008539: Special characters not parsed correctly in RSS output

PHP's DOMDocument::createTextNode automatically escapes special
characters within the node value. Therefore we don't need to double
escape these special characters (in particular, the ampersand) using
string_rss_links(...) when PHP already does the escaping for us.

Use of DOMDocument::createCDATASection doesn't escape special characters
and thus we still need to use string_rss_links(...) to do our own
escaping of the description field.
Affected Issues
0008539
mod - issues_rss.php

MantisBT: master aa058c53

2010-02-07 20:53

dhx


Fix 0008539: Special characters not parsed correctly in RSS output

PHP's DOMDocument::createTextNode automatically escapes special
characters within the node value. Therefore we don't need to double
escape these special characters (in particular, the ampersand) using
string_rss_links(...) when PHP already does the escaping for us.

Use of DOMDocument::createCDATASection doesn't escape special characters
and thus we still need to use string_rss_links(...) to do our own
escaping of the description field.
Affected Issues
0008539
mod - issues_rss.php
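
The escaping behaviour described in the changeset messages above, as an added PHP example (not MantisBT's code): it serializes the same value through DOMDocument::createTextNode and DOMDocument::createCDATASection, with and without pre-escaping, then parses the result back to show what a feed reader receives. htmlspecialchars is an assumed stand-in for string_rss_links(...), and the item/field element names and the sample string are constructed.

```php
<?php
// Added illustration, not MantisBT code. The sample string is constructed.
$text = 'the tag <hr> must be escaped like this &lt;hr&gt;';

// Assumed stand-in for the project's own escaping helper.
$escape = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

// Build <item><field>...</field></item> around the node produced by $make,
// then return the serialized XML and the text an XML parser reads back.
function round_trip(callable $make): array {
    $doc   = new DOMDocument('1.0', 'UTF-8');
    $item  = $doc->appendChild($doc->createElement('item'));
    $field = $item->appendChild($doc->createElement('field'));
    $field->appendChild($make($doc));
    $xml = $doc->saveXML($item);

    $parsed = new DOMDocument();
    $parsed->loadXML($xml);
    return [$xml, $parsed->documentElement->textContent];
}

$cases = [
    // The serializer escapes once: the parser gets the original value back.
    'text node, raw value'       => fn(DOMDocument $d) => $d->createTextNode($text),
    // Escaped twice: the parser gets entity text instead of the original value.
    'text node, pre-escaped'     => fn(DOMDocument $d) => $d->createTextNode($escape($text)),
    // Nothing is escaped: a reader that renders the field as HTML sees live markup.
    'CDATA section, raw value'   => fn(DOMDocument $d) => $d->createCDATASection($text),
    // Escaped once by the caller: an HTML-rendering reader shows the tag as text.
    'CDATA section, pre-escaped' => fn(DOMDocument $d) => $d->createCDATASection($escape($text)),
];

foreach ($cases as $label => $make) {
    [$xml, $seen] = round_trip($make);
    echo "== $label\n   serialized: $xml\n   parsed as:  $seen\n";
}
```

Compare the "parsed as" line of each case with the sample string: the text-node cases show why pre-escaping there is redundant, and the CDATA cases show why the description field still needs its own escaping.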