API result values should be literal strings rather than HTML entities (Maybe a bug?) #7682
Comments
Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
yes
Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!
Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
yes
Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!
This is unexpected behavior. I would expect the API to output data exactly as input. Unfortunately, changing this would be a breaking change as existing code is likely expecting current behavior. It would be good to get this included in v5 with maybe an optional configuration and/or parameter for handling this as desired in v4. This is something I may be able to help with.
Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
This is still relevant
… On Aug 8, 2020, at 02:24, stale[bot] ***@***.***> wrote:
still relevant
Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!
Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
Yes
Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!
Is this still relevant? We haven't heard from anyone in a bit. If so, please comment with any updates or additional detail.
Yes
Okay, it looks like this issue or feature request might still be important. We'll re-open it for now. Thank you for letting us know!
+1 My scripts unescape all returned strings as I'm not exactly sure which strings may have HTML entities in them.
This would leave us open to XSS attacks everywhere that we consume the API.
Is 9cf5f30 a response to this, or unrelated?
Server (please complete the following information):
Is your feature request related to a problem? Please describe.
When fetching assets that have certain characters in field values or model name those characters are turned into HTML entities. The HTML entities are returned in the API output. The escaping seems to happen in the "Transformer" classes.
Reproduce:
"
in the name."
Describe the solution you'd like
The API should return literal strings.
Describe alternatives you've considered
Manually un-escaping the HTML entities in my scripts.
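
The trade-off raised in the comments (clients unescaping every returned string, and the XSS concern if literal strings are written into pages unencoded) can be seen in a consumer that decodes once on receipt and encodes again at the HTML sink. This is an added example, not code from the thread or the project; the `rows` response shape, the field names and the sample values are constructed assumptions.

```python
import html
import json

# Constructed sample of an API response whose string values were
# HTML-escaped on the server side (shape and values are assumptions).
SAMPLE = (
    '{"rows": [{"id": 7,'
    ' "name": "27&quot; Monitor &amp; Stand",'
    ' "model": {"name": "&lt;b&gt;HQ&lt;/b&gt;"}}]}'
)


def unescape_strings(value):
    """Decode HTML entities exactly once in every string of a JSON value.

    One pass is the inverse of one server-side escape. A second pass would
    corrupt data that legitimately contained text such as "&amp;".
    """
    if isinstance(value, str):
        return html.unescape(value)
    if isinstance(value, list):
        return [unescape_strings(item) for item in value]
    if isinstance(value, dict):
        return {key: unescape_strings(item) for key, item in value.items()}
    return value  # numbers, booleans and None pass through unchanged


def load_assets(body):
    """Parse the response body and return rows holding literal strings."""
    return unescape_strings(json.loads(body))["rows"]


def render_cell(text):
    """Encode a literal string for an HTML text context at the point of output."""
    return "<td>" + html.escape(text, quote=True) + "</td>"


if __name__ == "__main__":
    for row in load_assets(SAMPLE):
        # Literal values are what non-HTML sinks (CSV, CLI, database) need.
        print(row["id"], row["name"], row["model"]["name"])
        # The HTML sink encodes again, so markup in a field stays inert text.
        print(render_cell(row["model"]["name"]))
```

Once the strings are literal, every HTML sink has to encode them itself; skipping `render_cell` for the model name above would put markup from the field into the page.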