Uploaded image for project: 'Maven Doxia'
  1. Maven Doxia
  2. DOXIA-726

MarkdownSink: Incorrect escaping of <,>,",' and &

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.0-M9
    • 2.0.0, 2.0.0-M10
    • Module - Markdown
    • None

    Description

      As Markdown emits all unknown characters "as-is" in the resulting HTML also all XML escape characters need to be leveraged in addition to the ones outlined in https://daringfireball.net/projects/markdown/syntax#backslash in Sink.text(...). Currently only the latter is considered though which leads to incorrect output: The text value

      "this is a <test>"
      

      should lead to

      "this is a &lt;test&gt;"
      

      but right now the "<" and ">" are not escaped.
      Compare also with https://spec.commonmark.org/0.30/#entity-and-numeric-character-references.

      It needs to be ensured that all parsed XHTML elements which are not natively supported by the Sink API (i.e. don't lead to a dedicated event) are passed as is to the output (given the input is XHTML).

      Attachments

        Issue Links

          Activity

            People

              kwin Konrad Windszus
              kwin Konrad Windszus
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: