Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Normal "quotes" are not escaped #159

Open
dereuromark opened this issue Sep 19, 2020 · 4 comments
Open

Normal "quotes" are not escaped #159

dereuromark opened this issue Sep 19, 2020 · 4 comments
Labels
Bug

Comments

@dereuromark
Copy link
Collaborator

Not sure if thats a problem for normal use cases, but using HTML escaping
or h() in CakePHP
you get

Some "<b>demo</b>" string

transformed into

Some &quot;&lt;b&gt;demo&lt;/b&gt;&quot; string

with >/</" escaped

But with this BBCode parser the " remain it seems:

Some "&lt;b&gt;demo&lt;/b&gt;" string

Depending on where those chars appear it could break some layouts maybe. But not sure.

I tried to first escape h($text) before adding it into the converter, but then the tags needing " characters to work wont parse anymore.
@dereuromark
Copy link
Collaborator Author

The issue can be seen here: https://github.com/dereuromark/cakephp-markup/blob/master/tests/TestCase/Bbcode/DecodaBbcodeTest.php#L42

@alquerci
Copy link
Contributor

There is one test case for that so it is expected for now.

https://github.com/milesj/decoda/blob/e84411a/tests/Decoda/DecodaTest.php#L247

@dereuromark
Copy link
Collaborator Author

I wonder if this could break some HTML or have other side effects.

@alquerci
Copy link
Contributor

It only make issue on tag attributes value.

Except I miss something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dereuromark @alquerci