Permalink
Browse files

Bug 485701: Fixes angle brackets (< and >) not escaped in HTML formul…

…a alt text
  • Loading branch information...
jcrada committed Jul 24, 2015
1 parent 08aa01c commit 64adce8b82c332b3855cdfaaa71afc984ffc4ca9
Showing with 0 additions and 18 deletions.
  1. +0 −18 src/htmldocvisitor.cpp
@@ -1904,24 +1904,6 @@ void HtmlDocVisitor::filterQuotedCdataAttr(const char* str)
case '"': m_t << "&quot;"; break;
case '<': m_t << "&lt;"; break;
case '>': m_t << "&gt;"; break;
// For SGML compliance, and given the SGML declaration for HTML syntax,
// it's enough to replace these two, provided that the declaration
// for the HTML version we generate (and as supported by the browser)
// specifies that all the other symbols used in rawVal are
// within the right character class (i.e., they're not
// some multinational weird characters not in the BASESET).
// We assume that 1) the browser will support whatever is remaining
// in the formula and 2) the TeX formulae are generally governed
// by even stricter character restrictions so it should be enough.
//
// On some incompliant browsers, additional translation of
// '>' and '<' into "&gt;" and "&lt;", respectively, might be needed;
// but I'm unaware of particular modern (last 4 years) versions
// with such problems, so let's not do it for performance.
// Also, some brousers will (wrongly) not process the entity references
// inside the attribute value and show the &...; form instead,
// so we won't create entites unless necessary to minimize clutter there.
// --vassilii
default: m_t << c;
}
}

0 comments on commit 64adce8

Please sign in to comment.