
Thread: Re: Bad escaping of "website" URLs




Re: Bad escaping of "website" URLs
user name
2007-02-06 10:47:51
Thanks James - I'll take a look at this. 

On 2/1/07, Manger, James H <James.H.Mangerteam.telstra.com> wrote:
> Users' website URLs are ruined by escaping.
>
> Example: bob comments on an entry
>
> <<realm/bob.properties>> (note the "&" in the website property)
>
> #User : bob
> #Thu Feb 01 11:22:55 EST 2007
> website=http://example.org/?type=staff&id=bob
> name=Bobby Brown
> password=ba74f573ff7be79eee1b6a4e58a79d722cb6aaea
> roles=ROLE_BLOG_ADMIN,ROLE_BLOG_OWNER,ROLE_BLOG_PUBLISHER,ROLE_BLOG_CONTRIBUTOR,
> emailAddress=
>
> The "website" field value on the "Add a comment" form includes an escaped
> version of the URL (it should be displayed unescaped).
>
> Website: [ http://example.org/?type=staff&amp;id=bob ]
>
> Viewing the HTML source shows the double-escaping.
>
> <input name="website"
> value="http://example.org/?type=staff&amp;amp;id=bob&quot;/>
>
> After submitting the comment and viewing the entry you get the following.
>
> Comment from Bobby Brown (-/144…)
>
> Viewing the HTML source shows a massively over-escaped link.
>
> Comment from <a
> href="http://example.org/?type=staff&amp;amp;amp;amp;amp;id=bob"
> target="_blank"
> title="http://example.org/?type=staff&amp;amp;amp;amp;amp;id=bob"
> rel="nofollow">Bobby Brown</a>
>
> On Approving the comment even more escaping is added!
>
> [Pebble 2.0.1; Java 6; FCKConfig.ProcessHTMLEntities = false ;]
>
> _______________________________________________
> Pebble-user mailing list
> Pebble-userlists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/pebble-user

>
>
>

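
The symptom reported above, as an added example (not Pebble's code and not written by either poster): a value that is HTML-escaped again at every layer gains one `amp;` per pass, whereas storing the raw value and escaping once at output keeps it stable. The function names are hypothetical, the sample URL is the one from the report, and the sketch assumes the escaper emits only the five entities that Python's `html.escape` produces.

```python
import html
import re

# Value of the "website" property in the report's bob.properties.
RAW_URL = "http://example.org/?type=staff&id=bob"

# Strict inverse of html.escape(): only the five entities it emits.
# html.unescape() is avoided because it also decodes legacy names without a
# semicolon, so a raw query string such as "&copy=1" would be altered.
_ENTITIES = {"&amp;": "&", "&lt;": "<", "&gt;": ">", "&quot;": '"', "&#x27;": "'"}
_ENTITY_RE = re.compile("|".join(map(re.escape, _ENTITIES)))


def unescape_once(value: str) -> str:
    """Undo exactly one level of escaping."""
    return _ENTITY_RE.sub(lambda m: _ENTITIES[m.group(0)], value)


def over_escape(value: str, passes: int) -> str:
    """The reported bug: each layer (form, save, approve) escapes again."""
    for _ in range(passes):
        value = html.escape(value, quote=True)
    return value


def escape_depth(value: str, limit: int = 16) -> int:
    """Number of unescape passes until the value stops changing (0 = raw)."""
    for depth in range(limit + 1):
        decoded = unescape_once(value)
        if decoded == value:
            return depth
        value = decoded
    raise ValueError("escape depth exceeds limit")


def canonicalize(value: str) -> str:
    """Repair a damaged stored value; the result is raw and must be
    escaped again, exactly once, wherever it is rendered."""
    for _ in range(escape_depth(value)):
        value = unescape_once(value)
    return value


def render_website_input(raw_value: str) -> str:
    """Store raw, escape once at output for a double-quoted attribute."""
    return '<input name="website" value="%s"/>' % html.escape(raw_value, quote=True)
```

`escape_depth` is a heuristic for auditing stored data: a raw value that legitimately contains the text `&amp;` cannot be told apart from one that was escaped once.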


Re: Bad escaping of "website" URLs
user name
2007-02-09 08:55:19
The fix for this will be committed this evening.

Cheers
Simon

On 2/6/07, Simon Brown <simongbrowngmail.com> wrote:
> Thanks James - I'll take a look at this. 

