search

conversejs / converse.js

Web-based XMPP/Jabber chat client written in JavaScript
http://conversejs.org
Mozilla Public License 2.0
3.08k stars 772 forks source link

Incorrect escaping #1951

Open guusdk opened 4 years ago

guusdk commented 4 years ago

With Converse 6.0.1, when I enter this text in the input field, the resulting chat log gets parsed incorrectly:

        <repository>
            <id>igniterealtime</id>
            <name>Ignite Realtime Repository</name>
            <url>https://igniterealtime.org/archiva/repository/maven/</url>
        </repository>

Results in:

image

--- Want to back this issue? **[Post a bounty on it!](https://app.bountysource.com/issues/97592866-incorrect-escaping?utm_campaign=plugin&utm_content=tracker%2F194169&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://app.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F194169&utm_medium=issues&utm_source=github).
guusdk commented 3 years ago

I noticed that in 8.0.1, this behavior has changed slightly, but is still broken. This message text:

test: <url>https://igniterealtime.org/archiva/repository/maven/</url>

Results in:

image

Note that the link text color suggests that the closing tag is part of the link text. When opening the link, it is apparent that the URL itself is malformed too. It points at https://igniterealtime.org/archiva/repository/maven/%3C/url%3E