-
The unescaped filename is used on at least three occurrences in the generated HTML:
* `"` is not escaped inside `title="filename"`
* `&` is not escaped inside `filename`
* `&` is not escaped inside …
-
Slack's RSS feed reader does not render https://clojure.org/feed.xml properly. Some HTML tags are truncated. I think it would be a good idea to make sure the feed renders well in more places.
#…
-
I could be wrong about this, but I can't think of any situation where a person would not want to escape what goes into an HTML attribute.
Doing, for instance, `span 'data-equation': 'x
-
The existing option "escapeNonAscii" seems to be a quick solution for some corner cases but blurs the difference between encoding Unicode text into UTF-8 and formatting JSON content.
The JSON s…
-
The spec defines string escapes like `\a` as `\x07` - but doesn't say if `\x07` is a legitimate escape. The octal escapes list `\119` as `\t9`, but don't say what rules are used to determine it's a s…
-
If an HTML validator was used, the current index.html got a lot of errors like:
"& did not start a character reference. (& probably should have been escaped as &amp;.)"
'&' should be coded in:
1) index.h…
clwen updated
11 years ago
-
I would like to see the following small improvements to the switch statement in `block.t.php`:
- add the `case 'no'`. I got the options from the switch statement rather than reading the notes at th…
-
There is a function in the code for unescaping HTML entities:
https://github.com/mozilla/readability/blob/2524fe371da2356b0bb79e0d34b028fa23388cd3/Readability.js#L1353-L1365
However, it does not…
-
Input:
```
# A Header #
```
Current output:
```
<!-- comment -->
A Header
```
Desired output:
```
A Header
```
The comments are parsed correctly as long as they are on their own line, …
-
## Script injection
__Expected behavior:__
CSS rendered server-side needs HTML escaping by default because of script injection attacks.
__Describe the bug:__
There is a known security issue w…