Vote #68679
Open
Less-than sign in issue description and comments are not escaped
0%
Description
When an issue description or comment contains a less-than sign (@<@), this sign is output verbatim in the issue page, instead of being escaped with ampersand-"lt"-semicolon. This causes the issue details page to be invalid XHTML, which is contrary to the page's doctype, and makes it impossible to read the page with an XML parser. I created "an issue on the demo site":http://demo.redmine.org/issues/38181 to demonstrate the problem.
To reproduce, run @xmllint URL-OF-ISSUE-PAGE@, like this:
<pre>
$ xmllint http://demo.redmine.org/issues/38181
http://demo.redmine.org/issues/38181:166: parser error : StartTag: invalid element name
Hm: <
^
http://demo.redmine.org/issues/38181:241: parser error : StartTag: invalid element name
mg alt="Comment" src="/images/comment.png?1286930539" />
And this? <
^
http://demo.redmine.org/issues/38181:330: parser error : Entity 'copy' not defined
Powered by Redmine © 2006-2010 Je
^
</pre>
The third error is a false positive (xmllint doesn't know XHTML entities), but the first two errors are symptoms of this problem.
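The well-formedness check described above can be run as a regression test that avoids the entity false positive. The following is an added example, not code from the report or from Redmine: the page template and the helper names @render@ and @first_xml_error@ are constructed for illustration, and @html.escape@ stands in for whatever escaping the formatter applies.

```python
import html
import html.entities
import xml.etree.ElementTree as ET

# Constructed stand-in for an issue page (not Redmine's real markup).
# The XHTML doctype matters: with it, expat hands unknown entities to the
# parser's entity table instead of failing immediately.
PAGE = """<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Constructed issue page</title></head>
<body>
<div class="wiki"><p>{description}</p></div>
<div id="footer">Powered by Redmine &copy; 2006-2010</div>
</body>
</html>
"""


def render(description, escape):
    """Place the description into the page, escaped or verbatim."""
    body = html.escape(description) if escape else description
    return PAGE.format(description=body)


def first_xml_error(page, xhtml_entities=True):
    """Return (line, message) for the first well-formedness error, or None."""
    parser = ET.XMLParser()
    if xhtml_entities:
        # Register the named XHTML entities (&copy; and friends) so they are
        # not reported as undefined, unlike the third xmllint error above.
        parser.entity.update(html.entities.entitydefs)
    try:
        parser.feed(page)
        parser.close()
    except ET.ParseError as err:
        return err.position[0], str(err)
    return None


if __name__ == "__main__":
    text = "Hm: < is this escaped?"  # constructed sample description
    for escape in (False, True):
        print("escaped" if escape else "verbatim",
              first_xml_error(render(text, escape)))
```

Unlike xmllint, expat stops at the first fatal error, so this reports one problem per run.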
journals
Thank you for reporting this issue.
Textile formatter in the latest trunk (r14634) is still affected.
Here is a test to catch this issue: attachment:issue6969_test_escaping.diff
--------------------------------------------------------------------------------
Fixed in r14812.
--------------------------------------------------------------------------------
Fix reverted, see #21202.
--------------------------------------------------------------------------------
related_issues
relates,Closed,21202,Left aligned sign in tabular is not worked since applying #6969