judgo-system / judgo

A preference judgment system for document ranking
http://preference-judgment.herokuapp.com
MIT License

Do we still need to escape the text? #20

Closed profsmucker closed 2 years ago

profsmucker commented 2 years ago

The idea of stripping tags was to not need to escape all HTML entities.

These lines in the code: https://github.com/judgo-preference-judgment/judgo-health-misinformation/blob/a01406ac723bcb9c660a5c767f4b83b2cce0e7a8/web/judgment/views.py#L95-L96

are still escaping the text. I would think it was only the tags that would cause problems with layout. If the tags are all gone, we should be okay, right? Or, do we need to keep escaping out of the chance that something will break?

What was breaking with the HTML tags?

MahsaSeifikar commented 2 years ago

I put these two lines in since, although we use strip_tags, some documents contain tags that break our HTML structure.

However, I need to use the html.escape function during the insertion of data since it causes some issues with highlighting documents in the system.

profsmucker commented 2 years ago

Can you be more specific about the issues? I don't like the conversion of ampersands and quotes and apostrophes to escaped characters.

profsmucker commented 2 years ago

I actually think it is fine to continue escaping. It is just important to only call it once! Great.
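
The conclusion of this thread, shown as an added example that is not code from the judgo repository: tag-free text can still contain `&`, `<` and quotes, so it needs escaping exactly once before it goes into markup. `SafeHtml`, `escape_once`, `render`, `recovered` and the sample text are hypothetical names and data constructed for the illustration; only Python's standard `html` and `html.parser` modules are used.

```python
import html
from html.parser import HTMLParser


class SafeHtml(str):
    """Marker type (hypothetical): text that has already been escaped."""


def escape_once(text):
    """Escape &, <, >, " and ' unless the value is already marked escaped."""
    if isinstance(text, SafeHtml):
        return text
    return SafeHtml(html.escape(text, quote=True))


def render(doc_text):
    """Place document text in both an attribute and an element body."""
    safe = escape_once(doc_text)
    return '<p title="{0}">{0}</p>'.format(safe)


class _Reader(HTMLParser):
    """Records what an HTML parser recovers from the markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.title, self.text = [], None, ""

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.title = dict(attrs).get("title", self.title)

    def handle_data(self, data):
        self.text += data


def recovered(markup):
    """Return (tags seen, title attribute, visible text) for the markup."""
    reader = _Reader()
    reader.feed(markup)
    reader.close()
    return reader.tags, reader.title, reader.text


# Constructed sample: text with no tags left in it, as after tag stripping.
STRIPPED = 'Zinc & vitamin C "cure" colds if dose < 5g'

if __name__ == "__main__":
    print(recovered(render(STRIPPED)))               # escaped once
    print(recovered(render(html.escape(STRIPPED))))  # escaped twice
```

Escaped once, the parser recovers a single `p` element whose title and text equal the original string; escaped twice, the reader sees literal `&amp;` and `&quot;` in the displayed text.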