Bug report page about broken HTML is broken because the broken HTML isn’t escaped

Sat, 12 Dec 2015 13:40:29 EST
inter@[REDACTED]

All of the links on this page point to the wrong domain: http://bugs.9front.org/open/mothra_changes_stored_url_on_window_redraw/


discussion:

From:
sl@[REDACTED] To:
9front-bugs@[REDACTED] Subject: Re: [9front-bugs] Bug report page about broken HTML is broken because the broken HTML isn’t escaped Reply-To:
9front-bugs@[REDACTED]

> /n/bugs/open/bug_report_page_about_broken_html_is_broken_because_the_broken_html_isnt_escaped/readme > http://bugs.9front.org/open/bug_report_page_about_broken_html_is_broken_because_the_broken_html_isnt_escaped > >
inter@[REDACTED] > > All of the links on this page point to the wrong domain: > http://bugs.9front.org/open/mothra_changes_stored_url_on_window_redraw/readme

This does not appear to be a bug.

The raw text of the bug report was imported manually (snarf and paste) from the old Google bug tracker.

Raw text of the bug is here:

/n/bugs/open/mothra_changes_stored_url_on_window_redraw/readme

sl


Date: Sat, 12 Dec 2015 15:17:20 -0500 From:
sl@[REDACTED] To:
9front-bugs@[REDACTED] Subject: Re: [9front-bugs] Bug report page about broken HTML is broken because the broken HTML isn’t escaped

> the bug is that the text contains the line from the > “discussion section”:…. > > Jun 6, 2014 Project Member #6 stanley.lieber > > the tvtropes HTML contains the following: > > HERE —–^…. causing the baseurl to be changed of the page > in mothra. i think what he expects the werc page todo is to > escape html tags inside the comment thread so this cannot > happen. — cinap

I see. He’s right, werc doesn’t escape HTML.

I’m going to be AFK all day but I can take a look at this later.

sl


Date: Sat, 12 Dec 2015 23:05:06 +0100 From:
cinap_lenrek@[REDACTED] To:
9front-bugs@[REDACTED] Subject: Re: [9front-bugs] Bug report page about broken HTML is broken because the broken HTML isn’t escaped Reply-To:
9front-bugs@[REDACTED]

haha, i see what you did here :–)

— cinap


Date: Sat, 12 Dec 2015 20:29:33 -0500 From:
sl@[REDACTED] To:
9front-bugs@[REDACTED] Subject: Re: [9front-bugs] Bug report page about broken HTML is broken because the broken HTML isn’t escaped Reply-To:
9front-bugs@[REDACTED]

> the bug is that the text contains the line from the “discussion section”: > > …. > <p>Jun 6, 2014 Project Member #6 stanley.lieber</p> > > <p>the tvtropes HTML contains the following:</p> > > <p><base href=“http://tvtropes.org/pmwiki/pmwiki.php/” /></p> > HERE —–^ > …. > > causing the baseurl to be changed of the page in mothra. i think what he > expects the werc page todo is to escape html tags inside the comment > thread so this cannot happen.

Okay:

This error seemed to have affected the Google bug tracker page; when I initially copied these old bugs into the new system, I manually snarf/pasted the information, and the links had already been rendered incorrectly due to the <base> tag. All of the links in the raw text of the new copy of the bug report are already full URLs that begin with http:// in the source.

I will look into ways to filter various tags (like <base>) at the level of the markdown processor. There are several alternatives available.

sl


Date: Sun, 13 Dec 2015 02:32:16 +0100 From:
cinap_lenrek@[REDACTED] To:
9front-bugs@[REDACTED] Subject: Re: [9front-bugs] Bug report page about broken HTML is broken because the broken HTML isn’t escaped Reply-To:
9front-bugs@[REDACTED]

all you need todo is to escape <, > and &, not try to check for tags.

— cinap


Date: Sat, 12 Dec 2015 21:37:26 -0500 From:
sl@[REDACTED] To:
9front-bugs@[REDACTED] Subject: Re: [9front-bugs] Bug report page about broken HTML is broken because the broken HTML isn’t escaped Reply-To:
9front-bugs@[REDACTED]

> all you need todo is to escape <, > and &, not try to check for tags.

Since we explicitly DON’T want to render user-provided HTML here, this would be fine. For the bugs.9front.org site I’ve overloaded werc’s default md_handler:

fn md_handler{ 
    &#60;$1 sed 's/\&#38;/\&#38;#38\;/g; s/&#60;/\&#38;#60\;/g; s/&#62;/\&#38;#62\;/g' |
    $formatter |
    sed 's/^.+@/&#60;br&#62;REDACTED@/'
}

sl


Sat, 12 Dec 2015 21:45:00 EST sl