laminas / laminas-developer-tools

Module for developer and debug tools for use with laminas-mvc applications.
BSD 3-Clause "New" or "Revised" License

ApplicationConfig unescaped #20

Closed weierophinney closed 4 years ago

weierophinney commented 4 years ago

Hi. Broken page because the code is displayed unescaped. It seems there is a problem in ConfigCollector::unserializeArray().


Originally posted by @mamont77 at https://github.com/zendframework/zend-developer-tools/issues/116

weierophinney commented 4 years ago

@mamont77 are you running the latest version? Escaping should be applied there...


Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-20936691

weierophinney commented 4 years ago

@Ocramius, yes. I'm using the latest master.


Originally posted by @mamont77 at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-20968157

weierophinney commented 4 years ago

Could you please paste the HTML generated by the toolbar? I didn't find the location where the output would not be correctly escaped.


Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21017927

weierophinney commented 4 years ago

Sorry, I could not attach a file, unsupported format. Temporarily added to my repository. https://github.com/mamont77/fcontrol/blob/master/temp.html


Originally posted by @mamont77 at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21024253

weierophinney commented 4 years ago

@mamont77 if I get this correctly, it's a problem in Zend\Debug itself.

The problems are at https://github.com/mamont77/fcontrol/blob/master/temp.html#L367, right?

If so, then this issue should be opened against Zend\Debug with a small test array (nothing fancy, just those weird keys).


Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21025439

weierophinney commented 4 years ago

@Ocramius I'm not convinced by your analysis. Zend\Debug\Debug::dump() does the following:

Based on the configuration dumped, I'd argue it's a problem with Escaper, to be honest -- there are clearly < and > characters not being escaped.


Originally posted by @weierophinney at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21198482

weierophinney commented 4 years ago

@weierophinney no analysis: I just stopped after finding out that it's not ZDT ;)


Originally posted by @Ocramius at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21201213

weierophinney commented 4 years ago

Odd -- I took the relevant parts of the configuration:

and wrote a test to see if the values were being escaped. They were. In fact, all quotes, all angle brackets, and a number of other characters were being escaped for HTML.

This makes me wonder if it's either (a) browser-specific, or (b) an issue with how the JS library is handling the data.


Originally posted by @weierophinney at https://github.com/zendframework/zend-developer-tools/issues/116#issuecomment-21211465

samsonasik commented 4 years ago

Escaped contents should already be handled in laminas-developer-tools ^1.3.1 || ^2.0.2. If you find the problem persists, please re-create the issue.

Closing.