Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why is " a unsafe character? #435

Closed
reisi007 opened this issue Jan 21, 2021 · 4 comments
Closed

Why is " a unsafe character? #435

reisi007 opened this issue Jan 21, 2021 · 4 comments

Comments

@reisi007
Copy link
Contributor

reisi007 commented Jan 21, 2021
edited
Loading

Hi,

Regarding the following source snippets:

flexmark-java/flexmark-util-sequence/src/main/java/com/vladsch/flexmark/util/sequence/Escaping.java

Lines 43 to 45 in c0313d6

final private static String XML_SPECIAL = "[&<>\"]";
final private static Pattern XML_SPECIAL_RE = Pattern.compile(XML_SPECIAL);

flexmark-java/flexmark-util-sequence/src/main/java/com/vladsch/flexmark/util/sequence/Escaping.java

Lines 64 to 78 in c0313d6

final private static Replacer UNSAFE_CHAR_REPLACER = new Replacer() {
@Override
public void replace(@NotNull String s, @NotNull StringBuilder sb) {
if (s.equals("&")) {
sb.append("&amp;");
} else if (s.equals("<")) {
sb.append("&lt;");
} else if (s.equals(">")) {
sb.append("&gt;");
} else if (s.equals("\"")) {
sb.append("&quot;");
} else {
sb.append(s);
}
}

Why is the " character is considered unsafe in the following context?

My usecase: I am processing Markdown, which is then processed using velocity. I rely on the fact that " is outputted as " and not as &quot;.

I am parsing the following line of markdown (which is a function call in velocity)

$object.myfun("myString")

Expected:

$object.myfun("myString")

Actual:

$object.myfun(&quot;myString&quot;)

Sources that this is valid:

Workaround:

I am currently setting the XML_SPECIAL_RE field with my own replacer, which ignores the "case.

Proposed solution:

flexmark-java/flexmark-util-html/src/main/java/com/vladsch/flexmark/util/html/HtmlAppendableBase.java

Line 128 in c0313d6

appendable.append(Escaping.escapeHtml(s, false)); 

 appendable.append(s);

Thanks for your time!
reisi007 added a commit to reisi007/reisishot.pictures that referenced this issue Jan 21, 2021
@reisi007
Workaround for vsch/flexmark-java#435
4265f71
reisi007 added a commit to reisi007/flexmark-java that referenced this issue Oct 13, 2021
@reisi007
Fix for vsch#435
64afba3
@reisi007 reisi007 reopened this Oct 13, 2021
@vsch
Copy link
Owner

vsch commented Jan 24, 2022

My apologies for taking a year to address this. You are right. This was probably inherited from original code.

I will merge your PR for next release.

vsch pushed a commit that referenced this issue Jan 24, 2022
@reisi007
Fix for #435 (#480)
3eccbef
@reisi007
Copy link
Contributor Author

Hi :)

It's okay. Hm....

Seeing it now there is a downside to this solution as well... Links for example . If the String "bla" contained a ", it would break the generated HTML.

So might be better to have a better workaround than that (I can look into this if you think that the solution above is not good enough)

@vsch
Copy link
Owner

vsch commented Jan 24, 2022

I had to back out the merge because the CommonMark spec tests require this behaviour.

If you can please go ahead with a better workaround. For the next while I am going to be busy with updates to flexmark and my JetBrains Markdown Navigator plugin so will not have time to address this.

@reisi007
Copy link
Contributor Author

It's okay :)

However I cannot run the following test

com.vladsch.flexmark.integration.test.SpecIntegrationTest

java.lang.AssertionError: Resource path: 'D:\com\vladsch\flexmark\test\util\spec.txt' not found.

We can also leave that for now, I have a workaround for my project :) And I guess I am off spec TBH

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reisi007 @vsch