Actions
Defect #14171
open
If the text formatting is "none", Meta characters in URLs are escaped twice.
Status:
New
Priority:
Low
Assignee:
-
Category:
Text formatting
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Affected version:
Description
If the text formatting is "none", Meta characters in URLs are escaped twice.
For example,
http://foo/bar.cgi&query=bazo
is formatted as:
<a href="http://foo/bar.cgi&amp;query=baz">http://foo/bar.cgi&amp;query=baz</a>
This problem is introduced by Redmine::WikiFormatting::NullFormatter#to_html (in lib/redmine/wiki_formatting.rb):
def to_html(*args)
t = CGI::escapeHTML(@text)
auto_link!(t)
auto_mailto!(t)
simple_format(t, {}, :sanitize => false)
end
Meta characters in URLs of the @text are escaped by both CGI::escapeHTML() and auto_link!() .
So,
&
becomes
&amp;
----
$ RAILS_ENV=production rake about
About your application's environment Ruby version 2.0.0 (amd64-freebsd8) RubyGems version 1.8.25 Rack version 1.4 Rails version 3.2.13 Active Record version 3.2.13 Action Pack version 3.2.13 Active Resource version 3.2.13 Action Mailer version 3.2.13 Active Support version 3.2.13 Middleware Rack::Cache, ActionDispatch::Static, Rack::Lock, #<ActiveSupport::Cache::Strategy::LocalCache::Middleware:0x00000804a48cb8>, Rack::Runtime, Rack::MethodOverride, ActionDispatch::RequestId, Rails::Rack::Logger, ActionDispatch::ShowExceptions, ActionDispatch::DebugExceptions, ActionDispatch::RemoteIp, ActionDispatch::Callbacks, ActiveRecord::ConnectionAdapters::ConnectionManagement, ActiveRecord::QueryCache, ActionDispatch::Cookies, ActionDispatch::Session::CookieStore, ActionDispatch::Flash, ActionDispatch::ParamsParser, ActionDispatch::Head, Rack::ConditionalGet, Rack::ETag, ActionDispatch::BestStandardsSupport, OpenIdAuthentication Application root (snip)/redmine-2.3.1 Environment production Database adapter sqlite3 Database schema version 20130217094251
Updated by
Actions