Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

html_entity_decode() clears the DOM entities #145

Closed
wants to merge 1 commit into from
Closed

html_entity_decode() clears the DOM entities #145

wants to merge 1 commit into from

Conversation

techi602
Copy link
Contributor

Although biggest issue with foreign encoding was fixed in #131 the problem is that some e-mail clients such as thunderbird have issues with displaying entities as characters. Therefore is safer to present them UTF-8 characters instead of entities.

@stof
Copy link
Collaborator

stof commented Jul 22, 2016

this is broken, because some of them cannot be decoded (for instance, decoding < can change the HTML a lot, opening vulnerabilities in the HTML if it is followed by something under the control of the user)

@techi602
Copy link
Contributor Author

@stof thanks for noticing security issue.
i added some nasty preg_replace hack to avoid lt; gt; being translated

I have noticed similar hack used in #138

@techi602 techi602 force-pushed the html-entities branch 2 times, most recently from 097ebec to 653c8ca Compare July 22, 2016 14:04
@stof
Copy link
Collaborator

stof commented Jul 22, 2016

@techi602 decoding &amp; also changes issue. If the original code was &amp;lt; (to display a literal &lt; in an explanation about entities for instance), you will turn it into &lt;, which displays <

@techi602
Copy link
Contributor Author

@stof I dont think so - so i added testSpecialCharactersExplicit()

stof
stof reviewed Jul 22, 2016
View reviewed changes
tests/CssToInlineStylesTest.php
public function testSpecialCharacters()
{
$text
= '1 &lt; 2';
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

line wrapping is useless. You should keep things on the same line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

well the reason is to be human readable so you can see that two lines are the same
Or would you prefer to have only one variable for $actual and $expected?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't find this code more readable actually. It just looks weird

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so how about now? 😄

@techi602 techi602 mentioned this pull request Jul 22, 2016
Merged
@techi602 techi602 mentioned this pull request Aug 18, 2016
Merged
@techi602
Copy link
Contributor Author

techi602 commented Sep 5, 2016

Fixed in #154

@techi602 techi602 closed this Sep 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@techi602 @stof