Angle brackets (< and >) not escaped in HTML formula alt text (Origin: bugzilla #485701) #2653

doxygen opened this Issue Jul 1, 2018 · 0 comments



doxygen commented Jul 1, 2018

status RESOLVED severity normal in component general for ---
Reported in version 1.5.3-SVN on platform Other
Assigned to: Dimitri van Heesch

On 2007-10-11 11:22:17 +0000, Andy Buckley wrote:

Using less-than or greater-than signs in equations breaks the HTML output, because the alt text for the equation image doesn't escape ">" to "&amp;gt;" and "<" to "&amp;lt;". The result is that the browser can interpret them as HTML tag delimiters and the page rendering screws up.

This probably hasn't been noticed because (for Gecko browsers at least) not escaping angle brackets is "usually" tolerated, but using a custom HTML header can trigger rendering errors. Unfortunately this makes it hard to reproduce, but you can check the effect with a problem page at (which breaks for me with Firefox I've verified that using the HTML entities in place of < and > fixes the rendering problems.

On 2007-10-15 19:41:07 +0000, Dimitri van Heesch wrote:

This bug's version was set to "latest". Since this is a moving target, I changed it to 1.5.3-SVN. If you believe this has already been fixed, then please change the status accordingly.

On 2014-01-12 14:44:48 +0000, albert wrote:

Is this problem still relevant or has it been solved by the browsers in their more recent versions? I see that the < sign is still in the ALT text but none of the recent browsers (FireFox, IE9, Chrome, Opera) I tried had a problem with it.

If still relevant please attach a self-contained example (source+config file in a zip or tar) if possible and specify the browser that has been used.

On 2015-07-12 20:09:55 +0000, Juan wrote:

This problem is still relevant. I am having issues in Google Chrome and Firefox (versions included in latest Ubuntu 15.04).

The problem appears when using formulas with < and > symbols. For example,
    /**
     * Computes the concave membership function evaluated at @f$x@f$
     * @param x
     * @return @f$\begin{cases}
     * h \times (e - i) / (2e - i - x) & \mbox{if $i \leq e \wedge x < e$ (increasing concave)} \cr
     * h \times (i - e) / (-2e + i + x) & \mbox{if $i > e \wedge x > e$ (decreasing concave)} \cr
     * h & \mbox{otherwise} \cr
     * \end{cases}@f$
     * where @f$h@f$ is the height,
     * @f$i@f$ is the inflection of the curve,
     * @f$e@f$ is the end of the curve
     */
    virtual scalar membership(scalar x) const FL_IOVERRIDE;


To reproduce, please run doxygen in the following repository:

git clone -b documentation

The Doxyfile is in root. You will require LaTeX, graphviz, dot.

After running doxygen, please search in doxygen's generated web browser for any of the following classes: Concave, Threshold, or Cosine. In each of these classes, the following error in a pink box appears at the top of the page:

This page contains the following errors:

error on line 475 at column 127: Unescaped '<' not allowed in attributes values
Below is a rendering of the page up to the first error.

On 2015-07-12 22:12:36 +0000, Juan wrote:

A fix to this bug has been submitted in pull request # 365:

On 2015-07-13 17:37:22 +0000, albert wrote:

Problem appears only in case of xhtml as output format.
As a side remark: why do you use \le and < and not \le and \lt?

On 2015-07-13 20:08:58 +0000, Juan wrote:

Thanks for your response.

I searched for commands replacing < and >, but all I found was \textless and \textgreater, which work only in text mode, not in math mode.

What LaTeX package includes \lt and \gt?

! Undefined control sequence.
l.6 $a \lt

On 2015-07-14 16:48:44 +0000, albert wrote:

I didn't have a LaTeX package at hand, so by head I thought \lt would be in by default as well, but it apparently is not.

On 2015-07-14 22:55:57 +0000, Juan wrote:

You could create the commands as:


but this is not standard LaTeX, and then where would you write them?

The requested merge would make the escaping of XML exactly like Qt::escape (<v5.0) and QString.toHtmlEscaped() methods. In the documentation, the arguments against escaping < and > are due to performance issues, but I reckon the performance hit would be marginal at best (if any).
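The failure discussed in this thread, as an added example that is not part of the original issue or of doxygen's code: an XML parser rejects a raw `<` inside an `alt` attribute value but accepts a raw `>`, and entity-escaping the value makes the fragment well-formed while preserving the text. The formula strings, the `form_0.png` file name and all function names are constructed for illustration; Python's `html.escape` stands in for the escaping routine.

```python
import html
import re
import xml.etree.ElementTree as ET

XHTML_NS = "http://www.w3.org/1999/xhtml"

# Constructed sample: LaTeX source of a formula, reused as the image alt text.
FORMULA = r"$i \leq e \wedge x < e$"


def img_tag(alt, escape):
    """Build an <img> element for a formula image (file name is hypothetical)."""
    if escape:
        # Attribute-context output encoding: & < > " ' become entities.
        alt = html.escape(alt, quote=True)
    return '<img alt="%s" src="form_0.png"/>' % alt


def parse_alt(fragment):
    """Parse the fragment as XHTML; return (alt text, None) or (None, parser error)."""
    doc = '<p xmlns="%s">%s</p>' % (XHTML_NS, fragment)
    try:
        root = ET.fromstring(doc)
    except ET.ParseError as exc:
        return None, str(exc)
    return root.find("{%s}img" % XHTML_NS).get("alt"), None


ALT_RE = re.compile(r'alt="([^"]*)"')


def raw_lt_in_alt(page):
    """Return alt values in generated output that still contain a raw '<'."""
    return [m.group(1) for m in ALT_RE.finditer(page) if "<" in m.group(1)]


if __name__ == "__main__":
    for escape in (False, True):
        tag = img_tag(FORMULA, escape)
        print(escape, parse_alt(tag), raw_lt_in_alt(tag))
```

`raw_lt_in_alt` can be run over generated `.html`/`.xhtml` files as a post-build check that no formula alt text was written unescaped.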

On 2015-07-25 19:14:26 +0000, Dimitri van Heesch wrote:

Thanks, I've merged the pull request

On 2015-12-30 10:19:24 +0000, Dimitri van Heesch wrote:

This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.8.11. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information
that you think can be relevant (preferably in the form of a self-contained example).

On 2015-12-30 11:14:56 +0000, Juan wrote:


I can confirm the bug has been fixed in the version 1.8.11. For future reference, the issues I ran into can be reproduced as follows:

(1) Get commit fuzzylite/fuzzylite@SHA: aa2155b9c79bc49834a7a21e434bcf4a33b630aa
(2) run doxygen versions earlier than 1.8.11
(3) open in browser the documentation for any of the following classes: Concave, Threshold, or Cosine


doxygen closed this Jul 1, 2018
