Uploaded image for project: 'Click'
  1. Click
  2. CLK-674

Escape control values as xml entities instead of html

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.3.0-M1
    • Component/s: core
    • Labels:
      None

      Description

      Click escapes Control values and attributes using HTML entities, which doesn't play nice when returning XML payloads for Ajax requests.

      I suggest we only escape dangerous HTML characters > < " ' &, with the option of switching escaping off.

      Is there any reason to escape all HTML entities?

      PS: Apostrophe should be escaped as "& #039;" not "& apos;". apos is not a valid HTML entity

        Activity

        Hide
        sabob Bob Schellink added a comment -

        fixed in trunk

        Show
        sabob Bob Schellink added a comment - fixed in trunk
        Hide
        sabob Bob Schellink added a comment -

        This change has been checked in. Only 5 entities are now escaped namely: " & ' < >

        Show
        sabob Bob Schellink added a comment - This change has been checked in. Only 5 entities are now escaped namely: " & ' < >

          People

          • Assignee:
            sabob Bob Schellink
            Reporter:
            sabob Bob Schellink
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development