php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #233 syntax high-lighter does not escape important HTML entities
Submitted: 1998-04-02 11:00 UTC Modified: 1998-04-09 19:57 UTC
From: david at uws dot edu dot au Assigned:
Status: Closed Package: Other
PHP Version: 3.0 Release Candidate 3 OS: (n/a)
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: david at uws dot edu dot au
New email:
PHP Version: OS:

 

 [1998-04-02 11:00 UTC] david at uws dot edu dot au
When displaying coloured source, the syntax high-lighter
converts "<" to "&lt;" but DOESN'T convert "&" to "&amp;"
or ">" to "&gt;", generating inconsistent and (at times)
broken HTML.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [1998-04-09 19:57 UTC] jim
Fixed in the latest CVS.
 [2010-10-10 21:05 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=304287
Log: - Revamp of the decoding portion of html.c.
- Dramatic improvements on the performance of html_entity_decode and htmlspecialchars_decode, as the
  string is now traversed only once. Speedups of 20 to 25 times with Windows release builds and a
  ~250 characters string (for 2nd and subsequent calls).
- Consistent behavior on html_entity_decode. For instance, the entity in &quot;&amp;&amp;lt;&quot; would be decoded,
  but not &quot;&amp;&amp;#233;&quot;. Not anymore. The code path for &quot;basic&quot; and non-basic entities is now mostly
  shared.
- Code of html_entity_decode and htmlspecialchars_decode is now shared.
- [DOC] More consistent behavior of htmlspecialchars_decode. Instead of translating only &amp;lt;, &amp;gt;,
  &amp;amp;, &amp;quot;, &amp;#039; and &amp;#39;, now e.g. &amp;#34;, &amp;apos;, &amp;#0039;, &amp;#x27;, etc. are also decoded.
- [DOC] Previous translation of unicode code points in numerical entities was seriously broken. When
  the code points for some character were not the same in unicode and the target encoding, the
  behavior could be an erroneous translation (e.g. 0x80-0xA0 in win-1252) or no translation at all.
  Added unicode translation tables for all single-byte encodings. Entities are not translated for
  multi-byte entities, except for ASCII characters whose code points are shared. We could add
  the huge translation tables (several thousand elements) for those encodings in the future.
- Fixed numerical entities that after # had text accepted by strcol being accepted.
- Much more commented and well-structured code...
- Tests for get_html_translation_table()) are broken. I stared fixing the tests, but then I realized
  it was completely helpless because get_html_translation_table() is broken by not handling
  multi-byte characters correctly.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Tue Dec 03 03:01:29 2024 UTC