PHP :: Bug #233 :: syntax high-lighter does not escape important HTML entities

Bug #233	syntax high-lighter does not escape important HTML entities
Submitted:	1998-04-02 11:00 UTC	Modified:	1998-04-09 19:57 UTC
From:	david at uws dot edu dot au	Assigned:
Status:	Closed	Package:	Other
PHP Version:	3.0 Release Candidate 3	OS:	(n/a)
Private report:	No	CVE-ID:	None

View Developer Edit

[1998-04-02 11:00 UTC] david at uws dot edu dot au

When displaying coloured source, the syntax high-lighter
converts "<" to "&lt;" but DOESN'T convert "&" to "&amp;"
or ">" to "&gt;", generating inconsistent and (at times)
broken HTML.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[1998-04-09 19:57 UTC] jim

Fixed in the latest CVS.

[2010-10-10 21:05 UTC] cataphract@php.net

Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=304287
Log: - Revamp of the decoding portion of html.c.
- Dramatic improvements on the performance of html_entity_decode and htmlspecialchars_decode, as the
  string is now traversed only once. Speedups of 20 to 25 times with Windows release builds and a
  ~250 characters string (for 2nd and subsequent calls).
- Consistent behavior on html_entity_decode. For instance, the entity in &quot;&amp;&amp;lt;&quot; would be decoded,
  but not &quot;&amp;&amp;#233;&quot;. Not anymore. The code path for &quot;basic&quot; and non-basic entities is now mostly
  shared.
- Code of html_entity_decode and htmlspecialchars_decode is now shared.
- [DOC] More consistent behavior of htmlspecialchars_decode. Instead of translating only &amp;lt;, &amp;gt;,
  &amp;amp;, &amp;quot;, &amp;#039; and &amp;#39;, now e.g. &amp;#34;, &amp;apos;, &amp;#0039;, &amp;#x27;, etc. are also decoded.
- [DOC] Previous translation of unicode code points in numerical entities was seriously broken. When
  the code points for some character were not the same in unicode and the target encoding, the
  behavior could be an erroneous translation (e.g. 0x80-0xA0 in win-1252) or no translation at all.
  Added unicode translation tables for all single-byte encodings. Entities are not translated for
  multi-byte entities, except for ASCII characters whose code points are shared. We could add
  the huge translation tables (several thousand elements) for those encodings in the future.
- Fixed numerical entities that after # had text accepted by strcol being accepted.
- Much more commented and well-structured code...
- Tests for get_html_translation_table()) are broken. I stared fixing the tests, but then I realized
  it was completely helpless because get_html_translation_table() is broken by not handling
  multi-byte characters correctly.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Apr 18 17:01:25 2025 UTC