[DOXIA-362] Entities in attribute values are not escaped - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.1
Fix Version/s: 1.1.2
Component/s: Core, Module - Fml, Module - Xdoc, Module - Xhtml
Labels:
None

Description

xdoc source:

<a href="http://example.com/example.html?version=latest&amp;login=example">link</a>
<img src="http://example.com/example.jpg?version=latest&amp;login=example" alt="image"/>
<script type="text/javascript" src="http://example.com/example.js?version=latest&amp;login=example"></script>

result:

<a href="http://example.com/example.html?version=latest&amp;login=example" class="externalLink">link</a>
<img src="http://example.com/example.jpg?version=latest&login=example" alt="image" />
<script type="text/javascript" src="http://example.com/example.js?version=latest&login=example"></script>

ie for the <script> and <img> src attribute, the ampersand gets un-escaped. The reason is that the plexus MXParser (correctly) normalizes attribute values, but the XhtmlBaseSink doesn't re-escape them.

Attachments

Activity

People

Assignee:: Lukas Theussl

Reporter:: Lukas Theussl

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 21/Aug/09 02:55

Updated:: 07/Apr/15 18:15

Resolved:: 21/Aug/09 06:11