Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

[WebLink] Escape double quotes in attributes values#40209

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Merged
fabpot merged 1 commit intosymfony:4.4fromfancyweb:web-link/escape
Feb 16, 2021

Conversation

@fancyweb
Copy link
Contributor

QA
Branch?4.4
Bug fix?yes
New feature?no
Deprecations?no
Tickets-
LicenseMIT
Doc PR-

If the attribute value contains a double quote, the serialized value is invalid:</foo>; rel="alternate"; title="foo " bar". Ideally we would useaddcslashes but we can't because users that already pass escaped values would then be impacted.

@nicolas-grekas
Copy link
Member

shouldn't this be escaped withhtmlspecialchars() instead?

@nicolas-grekas
Copy link
Member

shouldn't this be escaped with htmlspecialchars() instead?

or maybe not if this is for HTTP headers? any link to the relevant part of the spec?

@fancyweb
Copy link
ContributorAuthor

https://tools.ietf.org/html/rfc5988 saysquoted-string fromhttps://tools.ietf.org/html/rfc2616

quoted-string:

A string of text is parsed as a single word if it is quoted using
double-quote marks.

   quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )   qdtext         = <any TEXT except <">>

The backslash character ("") MAY be used as a single-character
quoting mechanism only within quoted-string and comment constructs.

@fabpot
Copy link
Member

Thank you@fancyweb.

@fabpotfabpot merged commitf8ce7d0 intosymfony:4.4Feb 16, 2021
@fancywebfancyweb deleted the web-link/escape branchFebruary 16, 2021 12:16
This was referencedMar 4, 2021
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@fabpotfabpotfabpot approved these changes

@nicolas-grekasnicolas-grekasnicolas-grekas approved these changes

@chalasrchalasrchalasr approved these changes

@dunglasdunglasAwaiting requested review from dunglasdunglas is a code owner

Assignees

No one assigned

Projects

None yet

Milestone

4.4

Development

Successfully merging this pull request may close these issues.

5 participants

@fancyweb@nicolas-grekas@fabpot@chalasr@carsonbot
[8]ページ先頭
©2009-2025 Movatter.jp