
Ticket #8452 (assigned defect)

Opened 1 year ago

Last modified 3 months ago

[PATCH][TEST] Fix String#escapeHTML and String#unescapeHTML (several fixes, memory leak)

Reported by: slusarz Assigned to: jdalton (accepted)
Priority: normal Milestone: 2.x
Component: Prototype Version: edge
Severity: normal Keywords:
Cc:

Description

Several browsers do not decode HTML entities of the form 'Ú' correctly. See attached patch to test/unit/string.html for a test case. Character is decoded correctly using Firefox 2 & 1.5 and Opera 9.2 and fails on IE 7 & 6, Safari 2.0.4, and the latest version of WebKit.

Attachments

string.html patch (0.7 kB) - added by slusarz on 05/24/07 10:55:27.
Patch to test/unit/string.html
Fix-String-escapeHTML-and-String-unescapeHTML.patch (4.2 kB) - added by jdalton on 04/07/08 18:11:21.
Fixed unescapeHTML to decode complex HTML entities in all browsers, fixed memory leak, fixed IE bug with escaped HTML

Change History

05/24/07 10:55:27 changed by slusarz

  • attachment string.html patch added.

Patch to test/unit/string.html

05/24/07 18:40:19 changed by josh

  • status changed from new to closed.
  • resolution set to wontfix.

unescapeHTML is part of the Ruby CGI lib. I think you should report the bug to them.

http://www.ruby-lang.org/en/community/ruby-core/

05/24/07 19:10:10 changed by slusarz

Pardon my ignorance if I am missing something here, but what does a function in Ruby (written in Ruby) have to do with a Prototypejs 'String' function (written in JavaScript)?

As indicated by my patch, the following JavaScript code:

'Ú'.unescapeHTML()

does not produce correct results across all browsers.

05/24/07 19:50:51 changed by josh

  • status changed from closed to reopened.
  • resolution deleted.

Oops, for some reason it came up in my rails tickets.

All apologies.

05/28/07 11:18:33 changed by slusarz

Removing Safari from the IE/Safari workaround escapeHTML/unescapeHTML() extend fixes that browser (2.0.4) - at the expense of much slower benchmarks. However, if that is the cost to have it work properly, it probably needs to be done.

Removing IE from that block causes the characters to be decoded properly, but IE fails tests where there are newlines in the original HTML string (due to the fact IE's innerHTML does some weird optimizations with whitespace). That is probably the original reason IE was handled in a separate block.

06/22/07 21:16:45 changed by matt

use CGI::unescapeHTML as a workaround

12/20/07 19:08:03 changed by pazu

I've recently upgraded prototype from 1.5.0 to 1.5.1.1, something I thought would be a no-brainer, but this unescapeHTML "optimization" for IE completely broke my system.

If nothing else, it's preferable to leave an old bug in (the whitespace normalization) than to introduce a completely new behaviour (not decoding HTML entities) in a point release.

03/24/08 23:39:51 changed by jdalton

  • owner changed from sam to jdalton.
  • status changed from reopened to new.

03/24/08 23:41:03 changed by jdalton

  • status changed from new to assigned.

04/07/08 16:46:42 changed by jdalton

  • summary changed from HTML entities not decoded correctly by String.unescapeHTML() to [PATCH][TEST] Fix String#encodeHTML and String#unencodeHTML (several fixes).

Fixes this ticket as well: http://dev.rubyonrails.org/ticket/11333

04/07/08 18:11:21 changed by jdalton

  • attachment Fix-String-escapeHTML-and-String-unescapeHTML.patch added.

Fixed unescapeHTML to decode complex HTML entities in all browsers, fixed memory leak, fixed IE bug with escaped HTML

04/13/08 03:47:16 changed by jdalton

  • summary changed from [PATCH][TEST] Fix String#encodeHTML and String#unencodeHTML (several fixes) to [PATCH][TEST] Fix String#escapeHTML and String#unescapeHTML (several fixes).

04/13/08 03:48:52 changed by jdalton

  • summary changed from [PATCH][TEST] Fix String#escapeHTML and String#unescapeHTML (several fixes) to [PATCH][TEST] Fix String#escapeHTML and String#unescapeHTML (several fixes, memory leak).

04/13/08 03:58:20 changed by jdalton

This ticket by Kangax is related.
About escaping double quotes in String#escapeHTML: #10622
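
A DOM-free round-trip check for the failure classes raised in this ticket (entity decoding, whitespace preservation, double-quote escaping), as an added example that is not Prototype's code or the attached patch. The function bodies, the small entity table, and the sample strings (including the three entity spellings used for Ú) are constructed for illustration.

```javascript
// Added example, not Prototype's implementation. Pure string processing, so the
// result does not depend on any browser's innerHTML behaviour.
const NAMED = { amp: '&', lt: '<', gt: '>', quot: '"', apos: "'", Uacute: '\u00DA' }; // constructed subset
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHTML(s) {
  // Quotes are escaped too, so the output is safe inside attribute values.
  return String(s).replace(/[&<>"']/g, c => ESCAPES[c]);
}

function unescapeHTML(s) {
  // Single pass: "&amp;lt;" becomes "&lt;" and is never decoded a second time.
  return String(s).replace(/&(?:#(\d+)|#[xX]([0-9a-fA-F]+)|([A-Za-z][A-Za-z0-9]*));/g,
    (match, dec, hex, name) => {
      if (name !== undefined) {
        // Unknown names are left untouched rather than guessed at.
        return Object.prototype.hasOwnProperty.call(NAMED, name) ? NAMED[name] : match;
      }
      const cp = dec !== undefined ? parseInt(dec, 10) : parseInt(hex, 16);
      // NUL, surrogates and out-of-range values stay undecoded.
      if (cp === 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return match;
      return String.fromCodePoint(cp);
    });
}

// Constructed samples, one per failure class discussed in the thread.
const SAMPLES = [
  'line one\n  line two\r\n\tline three', // newlines and runs of whitespace must survive
  '<a href="x?a=1&b=2">\u00DA</a>',       // markup, quotes, ampersands, non-ASCII text
  "it's &lt; already escaped",            // pre-escaped input must round-trip unchanged
];

// Returns the samples for which unescapeHTML(escapeHTML(s)) is not s.
function roundTripFailures() {
  return SAMPLES.filter(s => unescapeHTML(escapeHTML(s)) !== s);
}

console.log('round-trip failures:', roundTripFailures().length);
console.log(unescapeHTML('&Uacute; &#218; &#xDA;'));
```

Running the same samples against a library's own escapeHTML/unescapeHTML in each target browser shows whether its browser-specific branches agree with each other.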