Opened 5 years ago

Closed 4 years ago

#18404 closed defect (patchwelcome)

Dojox HTML encoding/decoding does not work properly

Reported by: g00glen00b Owned by: Adam Peller
Priority: undecided Milestone: future
Component: Dojox Version: 1.10.2
Keywords: Cc:
Blocked By: Blocking:

Description

The dojox/html/entities module does not work properly. Currently this module uses multiple maps to encode/decode characters to HTML entities, for example:

str = _applyDecodingMap(str, dhe.html);
str = _applyDecodingMap(str, dhe.latin);

But this is simply not correct. By using two separate steps, you could possibly encode/decode wrong things, for example:

&amp;euro;

If you do things in two steps, then the &amp; part will be decoded first using the dhe.html map. The result after the first operation is:

&euro;

However, by applying the second map, you're encoding/decoding parts that may have already been encoded or decoded, in this example it will result in &euro; being decoded by the dhe.latin map into:

€

So, &amp;euro; is being decoded into € in one step which is wrong. The cause is operating a decode process on an already partially decoded value.

To solve this issue you will probably have to merge both maps before operating the decode or encode process, for example:

var charMap = dhe.html.concat(dhe.latin);
str = _applyDecodingMap(str, charMap);

Original report on StackOverflow: http://stackoverflow.com/questions/23800962/potential-dojo-bug
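The double-decoding problem reported above, as an added example that is not part of the original ticket or of Dojo's code: it checks whether decoding inverts encoding for text that contains a literal entity. The two small maps and the helpers applyDecodingMap and applyEncodingMap are constructed stand-ins, assumed to mirror the [character, entityName] shape of dhe.html and dhe.latin.

```javascript
// Constructed subsets of the two maps as [character, entityName] pairs (assumed shape).
const htmlMap = [["&", "amp"], ["<", "lt"], [">", "gt"], ['"', "quot"]];
const latinMap = [["\u20AC", "euro"], ["\u00E9", "eacute"]];

// Hypothetical stand-in for _applyDecodingMap: one left-to-right regex pass.
function applyDecodingMap(str, map) {
  const byName = new Map(map.map(([ch, name]) => [name, ch]));
  const names = map.map(([, name]) => name).join("|");
  return str.replace(new RegExp("&(" + names + ");", "g"), (m, name) => byName.get(name));
}

// Hypothetical encoder: one pass over a character class built from the map.
// Safe here because the constructed maps hold no regex-special class characters.
function applyEncodingMap(str, map) {
  const byChar = new Map(map.map(([ch, name]) => [ch, "&" + name + ";"]));
  const chars = map.map(([ch]) => ch).join("");
  return str.replace(new RegExp("[" + chars + "]", "g"), (ch) => byChar.get(ch));
}

const merged = htmlMap.concat(latinMap);

function encode(str) { return applyEncodingMap(str, merged); }

// Behaviour described in the ticket: decode with one map, then the other.
function decodeTwoPass(str) {
  return applyDecodingMap(applyDecodingMap(str, htmlMap), latinMap);
}

// Fix proposed in the ticket: merge the maps so each entity is resolved in one pass.
function decodeSinglePass(str) { return applyDecodingMap(str, merged); }

// A decoder is correct only if it inverts the encoder for the given input.
function roundTrips(decode, text) { return decode(encode(text)) === text; }

// Constructed input: text that contains the literal characters "&euro;".
const sample = "Type &euro; to get \u20AC";
console.log(encode(sample));
console.log(decodeTwoPass(encode(sample)));
console.log(decodeSinglePass(encode(sample)));
console.log(roundTrips(decodeTwoPass, sample), roundTrips(decodeSinglePass, sample));
```

A round-trip check of this kind, run over inputs that themselves contain entity text, is the sort of test case that would catch the regression in tests/entities.js.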

Change History (2)

comment:1 Changed 5 years ago by bill

Makes sense. If someone wants to submit a PR (after filing a CLA) I will push it. The test case should be added to tests/entities.js, which can be run from http://localhost/trunk/util/doh/runner.html?testModule=dojox.html.tests.entities (but adjust the PATH to fit your system).

comment:2 Changed 4 years ago by dylan

Milestone: tbd → future
Resolution: → patchwelcome
Status: new → closed

Marking as patch welcome. As noted, if someone wants to work on this issue, we're happy to accept a pull request and review it.
