Comments on: A Strong Test for Markup In Titles & Summaries

By: Mokka mit Schlag » Is This a Security Issue?

Mokka mit Schlag » Is This a Security Issue? — Sun, 18 Mar 2007 11:59:56 +0000

[...] Mokka mit Schlag » Web Development: Blogging: PHP « A Strong Test for Markup In Titles & Summaries [...]

By: Ed Davies

Ed Davies — Sat, 17 Mar 2007 20:40:10 +0000

Whatever with respect to the Atom stuff - this page looks bloody awful viewed directly in Firefox. I haven’t followed through what’s happening fully but, as far as I can see having downloaded the page with wget, the problems start with the double quotes in the double-quote delimited title attribute of the h1 element.

By: Elliotte Rusty Harold

Elliotte Rusty Harold — Sat, 17 Mar 2007 19:48:45 +0000

The problem is that escaped HTML isn’t just text. I get bug reports every time I try to treat it as just text. Escaped HTML is only really just text when you really do want to see the markup as text. For example, it’s completely legitimate to include escaped in HTML a web page about HTML. However escaped HTML in other contexts just makes life difficult. I can’t parse it; and even if I double parse, it’s more than likely malformed.

By: John Cowan

John Cowan — Sat, 17 Mar 2007 19:13:21 +0000

Escaped HTML isn’t evil as such; it’s just another text format. It’s unmarked escaped HTML that’s evil, as in the RSS variants, where you have to guess whether the person at the other end will interpret what you send as plain text or HTML.

I have an RSS feed that represents a bunch of plain-text documents: consequently I have to first convert the plain text into HTML, then escape the HTML. In Atom, of course, I just mark the summary as plain.