This repository has been archived by the owner on Jul 24, 2021. It is now read-only.
Reporter: avarab[at]gmail.com [Submitted to the original trac issue database at 9.24am, Saturday, 5th September 2009]
If a changeset contains a URL, the URL-linkifier will clash with the escape routine for the Atom output, and the Atom feed will contain escaped HTML for the URL, e.g.: /browse/changeset/2380396
Author: avarab[at]gmail.com [Added to the original trac issue at 8.49pm, Monday, 14th September 2009]
The problem is that the XML builder list.atom.builder is using is escaping the HTML.
However the content can't be made to be un-escaped either. The reason is that Rails' own sanitize function doesn't do a good job of cleaning out HTML. If someone puts an unclosed HTML tag in a changeset, e.g.:
comment = <b>Unclosed
That will break the Atom feed for all XML parsers.
Attached is a patch that uses it. The patch is craptastic because I don't know how to add a utility function to the application so that it'll be seen by the template code. But it's a proof of concept.
With it HTML/XML output will be safe everywhere.
The downside is that if someone literally inserts e.g. "" into a changeset tag that'll be rendered as "". I.e. stripped away.
I haven't found out how to make the sanitizer accept links but escape everything else.
Author: avarab[at]gmail.com [Added to the original trac issue at 9.09pm, Monday, 14th September 2009]
Anyway, until links can safely be included in our Atom feeds without a stray HTML element blowing the whole feed, I've removed the autolinking. See [17621].
[http://www.openstreetmap.org/browse/changeset/2380396 This] is the changeset that produced it.
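One way to get links while escaping everything else, and to see why a raw `<b>Unclosed` comment breaks the feed, shown as an added example that is not part of the original issue or the project's code. The function names, the URL pattern and the sample comment are constructed for illustration, and REXML stands in for a feed reader's XML parser.

```ruby
require 'cgi'
require 'rexml/document'

# Only http(s) URLs become links; the capture group makes split keep them.
URL_RE = %r{(https?://[^\s<>"']+)}

# Escape every piece of the comment and wrap URL pieces in an <a> built here,
# so user-supplied markup never reaches the output as markup.
def linkify(comment)
  comment.split(URL_RE).each_with_index.map do |part, i|
    safe = CGI.escapeHTML(part)
    i.odd? ? %(<a href="#{safe}">#{safe}</a>) : safe
  end.join
end

# Minimal Atom entry (simplified); content_xml is inserted verbatim.
def atom_entry(content_xml, type)
  %(<entry xmlns="http://www.w3.org/2005/Atom">) +
    %(<content type="#{type}">#{content_xml}</content></entry>)
end

# True when an XML parser accepts the document.
def well_formed?(xml)
  REXML::Document.new(xml)
  true
rescue REXML::ParseException
  false
end

# What a feed reader gets back after XML-decoding <content>.
def decoded_content(xml)
  REXML::Document.new(xml).root.elements[1].text
end

# Linkified HTML fragment, XML-escaped once more for type="html".
def safe_entry(comment)
  atom_entry(CGI.escapeHTML(linkify(comment)), 'html')
end

if $PROGRAM_NAME == __FILE__
  comment = '<b>Unclosed, see http://example.org/changeset/1' # constructed
  puts well_formed?(atom_entry(comment, 'xhtml')) # raw markup inline
  puts well_formed?(safe_entry(comment))
  puts decoded_content(safe_entry(comment))
end
```

The fragment is escaped twice on purpose: once so user markup is inert HTML, and once more so the whole fragment is plain character data inside the XML.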