Re: gitweb not friendly to firefox revived

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Uwe Kleine-König  <u.kleine-koenig@xxxxxxxxxxxxxx> writes:

> Hello,
> 
> gitweb (at least) doesn't quote author names enough.
> 
> Firefox barfs for me at looking at
> 
> 	http://git.pengutronix.de/?p=ukl/linux-2.6.git;a=shortlog;h=v2.6.16.10
> 
> with an error:
> 
> 	XML Parsing Error: not well-formed Location:
> http://git.pengutronix.de/?p=ukl/linux-2.6.git;a=shortlog;h=v2.6.16.10
> Line Number 112, Column 81:
> <td class="author"><a title="Search for commits authored by YOSHIFUJI Hideaki / ?$B5HF#1QL@?(B" class="list" href="/?p=ukl/linux-2.6.git;a=search;h=v2.6.16.10;s=YOSHIFUJI+Hideaki+/+%1B%24B5HF%231QL@%1B(B;st=author"><span title="YOSHIFUJI Hideaki / ?$B5HF#1QL@?(B">YOSHIFUJI Hideaki...  </span></a></td><td><a class="list subject" title="[PATCH] IPV6: XFRM: Fix decoding session with preceding extension header(s)." href="/?p=ukl/linux-2.6.git;a=commit;h=fa39df2ff7f6102f1f37d3cf1f68243534d56253">[PATCH] IPV6: XFRM: Fix decoding session with preceding... </a></td>
> --------------------------------------------------------------------------------^
> 
> This is with git 1.7.1 and Iceweasel (aka. Firefox) 3.5.10.
> 
> Making
> 
> 	title=>"Search for commits $performed by $author"
> 
> in line 1694 of Debian's /usr/lib/cgi-bin/gitweb.cgi from the git 1.7.1
> package read
> 
> 	title=>esc_html("Search for commits $performed by $author")
> 
> this problem goes away.  (Still my browser barfs when clicking at the name.)
> 
> I'm not sure if this is the right way to fix this and I'm too tired now
> to do a complete patch, so I let this for someone else.

Actually gitweb leaves quoting of tag attributes to CGI module:

  return $cgi->a({-href => href(action=>"search", hash=>$hash,
                                searchtext=>$author, searchtype=>$searchtype),
                  -class => "list",
                  -title => "Search for commits $performed by $author"},
                 $displaytext);

I am worrying (perhaps unnecessary) that using esc_html would result
in double escaping.  But it looks like the problem is with Unicode,
so perhaps using

  	title => to_utf8("Search for commits $performed by $author")

in place of

  	title=>esc_html("Search for commits $performed by $author")

would be a better fix?  Does this fix work for you?


Cc-ed Stephen Boyd, who is author of commit e133d65 (gitweb: linkify
author/committer names with search, 2009-10-15), introducing the code
you found this bug in.

-- 
Jakub Narebski
Poland
ShadeHawk on #git
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]