New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix invalid markup in mail_to (ampersand not escaped) #1139

Merged
merged 1 commit into from Mar 18, 2013

Conversation

Projects
None yet
2 participants
@nybblr
Contributor

nybblr commented Mar 18, 2013

Escape ampersands for validation.

It looks like this should probably be handled in the link_to helper, but I am not familiar enough with standards to know if & is supposed to be escaped in html tags in general.

Less hacky/more general solutions welcome to whoever knows more about the standards specs!

Update asset_tag_helpers.rb
Escape ampersands for validation.
@nesquena

This comment has been minimized.

Show comment
Hide comment
@nesquena

nesquena Mar 18, 2013

Member

Thanks!

Member

nesquena commented Mar 18, 2013

Thanks!

nesquena added a commit that referenced this pull request Mar 18, 2013

Merge pull request #1139 from nybblr/master
Fix invalid markup in mail_to (ampersand not escaped)

@nesquena nesquena merged commit b5a455e into padrino:master Mar 18, 2013

1 check was pending

default The Travis build is in progress
Details
@nybblr

This comment has been minimized.

Show comment
Hide comment
@nybblr

nybblr Mar 18, 2013

Contributor

No prob. Pulled the latest changes locally and now mail to validates properly. However, I put together a case with a simple anchor tag with an href that had an ampersand, and it complains about that too (both validator.nu and W3C) so it looks like this is a more general issue with the Rack::Utils function that builds the query string.

At this point I'm not sure what I should change and where; there are a few cases:

  1. all href attributes/helpers need to be escaped; this would be pretty encompassing though and possibly break many apps
  2. the Rack::Utils method called needs to do the escaping; not sure how far reaching this would be

So if &foo; entities aren't allowed at all in href attributes, option 1 sounds like the proper way to go. But I'm no standards expert 😉

Should I open another issue for further review?

~ Jonathan Martin

Contributor

nybblr commented Mar 18, 2013

No prob. Pulled the latest changes locally and now mail to validates properly. However, I put together a case with a simple anchor tag with an href that had an ampersand, and it complains about that too (both validator.nu and W3C) so it looks like this is a more general issue with the Rack::Utils function that builds the query string.

At this point I'm not sure what I should change and where; there are a few cases:

  1. all href attributes/helpers need to be escaped; this would be pretty encompassing though and possibly break many apps
  2. the Rack::Utils method called needs to do the escaping; not sure how far reaching this would be

So if &foo; entities aren't allowed at all in href attributes, option 1 sounds like the proper way to go. But I'm no standards expert 😉

Should I open another issue for further review?

~ Jonathan Martin

@nesquena

This comment has been minimized.

Show comment
Hide comment
@nesquena

nesquena Mar 21, 2013

Member

Hmm, yeah please do we can resolve it for the next release. Thanks

Member

nesquena commented Mar 21, 2013

Hmm, yeah please do we can resolve it for the next release. Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment