Jürgen Kreileder <jk@xxxxxxxxxxxx> writes:

> Fixes the title attribute in <span title="Jürgen Kreileder">Jürgen
> Kreileder</span> for example because to_utf8() is called implicitly now.
>
> (Not sure why the attribute is there at all in the example. From my
> point of view nothing got chopped.)

Hmmm... this should not happen because of

	my $chopped = chop_str(@_);
	if ($chopped eq $str) {
		return esc_html($chopped);
	} else

Perhaps it is a matter of doing to_utf8() on $str prior to comparison?

> Signed-off-by: Juergen Kreileder <jk@xxxxxxxxxxxx>
> --- > gitweb/gitweb.perl | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl > index 4f0c3bd..fd76407 100755 > --- a/gitweb/gitweb.perl > +++ b/gitweb/gitweb.perl > @@ -1699,7 +1699,7 @@ sub chop_and_escape_str { > return esc_html($chopped); > } else { > $str =~ s/[[:cntrl:]]/?/g; > - return $cgi->span({-title=>$str}, esc_html($chopped)); > + return $cgi->span({-title => esc_attr($str)}, esc_html($chopped)); > } > } > > --

esc_attr() is a wrong solution here, because $cgi->span(...) should
properly escape attributes. You should simply use to_utf8() or sanitize().

Well, unless we simply do $str = to_utf8($str); earlier.

--
Jakub Narębski
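Review bot: On the `+` line of the chop_and_escape_str hunk, the value passed as `-title` has already gone through esc_attr() before $cgi->span() builds the attribute. If esc_attr() performs HTML escaping, as its name suggests, and $cgi->span() escapes attribute values itself, as the reply states, then a `&`, `<` or `"` in `$str` would be escaped twice and show up as literal entity text in the tooltip. The commit message says the actual goal is the implicit to_utf8() call, so decode once near the top of the sub (`$str = to_utf8($str);`) and leave `-title => $str` as it was. Decoding there also puts `$str` in the same form as `$chopped` before the `return esc_html($chopped);` branch is chosen, which addresses the commit message's remark that the title attribute appears even though nothing was chopped. A short comment noting that $cgi->span() is relied on for attribute escaping would keep a later change from reintroducing the manual escape.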