Re: [PATCH] gitweb: protect blob and diff output lines from controls.

Junio C Hamano wrote:
> This reuses the quot_cec to protect blob and text diff output
> from leaking control characters.
> 
> Signed-off-by: Junio C Hamano <junkio@xxxxxxx>
> ---
>  * requesting extra sets of eyeballs.

This changes the "blob" and "text diff" output somewhat, as earlier it 
used Control key Sequence (CS) representation for some non-whitespace 
control characters (not '\t', not '\n'), namely replacing form feed (FF) 
('\f', '\014') with ^L and escape (ESC) ('\e', '\033') with ^[.

And (what is not said in the commit message) it additionally esc_html 
some title elements (the subroutine should be I think named esc_attr).

The problems are:
1. First, esc_path should _not_ use a subroutine which does its own 
control characters escaping. That was also a mistake I made in my patch.
Perhaps we should have some quot_html or to_html subroutine which does 
_only_ to_utf8 (decode from Encode module), escapeHTML and optionally 
s/ /&nbsp;/g conversion.

2. In my opinion CS is better than CEC for quoting/escaping control 
characters in the "bulk" output, namely "blob" output and "text 
diff" (patchset body) output. CEC is better for pathnames (which must 
fit in one line), and perhaps other one-liners; perhaps not. I'm not 
sure what quoting to choose for esc_attr, but there we could use even 
--no-control-chars quoting (replacing any control character by '?'); 
but perhaps in some cases like git_print_page_path subroutine CEC is 
better.

BTW, what happened with the to_qtext post?
-- 
Jakub Narebski
Poland
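As an added illustration (not gitweb's code and not part of this thread) of the split asked for in point 1 and the CEC / CS / '?' choices discussed in point 2: a quot_html that only does escapeHTML plus optional &nbsp; conversion, three control-character quoting functions, and an esc_ctrl that applies one of them afterwards. The names quot_html, quot_cs, quot_q and the -all option are assumed; the to_utf8 decoding step is left out.

```perl
#!/usr/bin/perl
# Added example, not gitweb code: keep plain HTML escaping separate from
# control-character quoting, and offer CEC, CS and '?' quoting styles.
use strict;
use warnings;

# Only escapeHTML plus optional s/ /&nbsp;/g; never touches control
# characters (input decoding, gitweb's to_utf8, is left out here).
sub quot_html {
	my ($str, %opts) = @_;
	return undef unless defined $str;
	my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
	$str =~ s/([&<>"])/$ent{$1}/g;
	$str =~ s/ /&nbsp;/g if $opts{-nbsp};
	return $str;
}

# CEC: character escape codes such as \f and \e (\xNN for the rest).
sub quot_cec {
	my $c = shift;
	my %es = ("\t" => '\t', "\n" => '\n', "\r" => '\r', "\f" => '\f',
	          "\b" => '\b', "\a" => '\a', "\e" => '\e', "\013" => '\v',
	          "\0" => '\0');
	return exists $es{$c} ? $es{$c} : sprintf('\x%02x', ord($c));
}

# CS: control key sequence, e.g. ^L for FF, ^[ for ESC, ^? for DEL.
sub quot_cs {
	my $o = ord(shift);
	return $o == 0x7f ? '^?' : '^' . chr($o + 0x40);
}

# --no-control-chars style: every control character becomes '?'.
sub quot_q { return '?' }

# Quote control characters (TAB and LF are kept unless -all is given)
# with the chosen quoting function. Call this AFTER quot_html, so the
# <span> markup added here is not itself escaped.
sub esc_ctrl {
	my ($str, $quot_fn, %opts) = @_;
	$quot_fn ||= \&quot_cec;
	my $keep = $opts{-all} ? qr/(?!)/ : qr/[\t\n]/;
	$str =~ s{((?!$keep)[[:cntrl:]])}{'<span class="cntrl">' . $quot_fn->($1) . '</span>'}eg;
	return $str;
}

# Constructed samples: a diff line carrying ANSI colour escapes and a form
# feed (bulk output, CS quoting), and a pathname with a tab and an ESC
# (one-liner, CEC quoting of every control character).
my $diff_line = "+\e[31m<b>red</b>\e[0m\f";
print esc_ctrl(quot_html($diff_line), \&quot_cs), "\n";
my $path = "src/na\tme\e.c";
print esc_ctrl(quot_html($path, -nbsp => 1), \&quot_cec, -all => 1), "\n";
```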
