Skip to content

feat(escape): escape ' as '#823

Closed
Martin1887 wants to merge 3 commits intomasterfrom
fix-598
Closed

feat(escape): escape ' as '#823
Martin1887 wants to merge 3 commits intomasterfrom
fix-598

Conversation

@Martin1887
Copy link
Collaborator

@Martin1887 Martin1887 commented Jan 26, 2024
edited
Loading

Fix #598

notriddle
notriddle reviewed Jan 27, 2024
View reviewed changes
src/escape.rs
static HTML_ESCAPE_TABLE: [u8; 256] = create_html_escape_table();

static HTML_ESCAPES: [&str; 5] = ["", """, "&", "<", ">"];
static HTML_ESCAPES: [&str; 6] = ["", """, "&", "<", ">", "'"];
Copy link
Collaborator

@notriddle notriddle Jan 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In rustdoc, we have two escape functions: one used in attributes, and the other in body text. It's an easy way to avoid lots of bloat from escaping apostrophes and double quotes, which are very common in both English text and Rust source code.

Copy link
Collaborator Author

@Martin1887 Martin1887 Jan 27, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, I think that would be an enhancement, but a bit of bloat is preferable to security issues :). If you can work in crate the separated escape function we can merge that, but I think we can merge this meanwhile (when tests pass, I have to check why it is not working using simd), what do you think?

Copy link
Collaborator Author

@Martin1887 Martin1887 Jan 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really weird, I don't get why the '39' (b'\'') is not replaced in sim, it does not nothing special.

Copy link
Collaborator

@notriddle notriddle Jan 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you forgot to update this thing:

https://github.com/raphlinus/pulldown-cmark/blob/4743facf2f0027c321c7f68be9df716fd6ec4625/src/escape.rs#L229-L237

Copy link
Collaborator Author

@Martin1887 Martin1887 Jan 28, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, I missed that, thanks!

@notriddle notriddle mentioned this pull request Jan 27, 2024
Merged
@Martin1887
Copy link
Collaborator Author

Martin1887 commented Jan 28, 2024

Closed in favor of #830.

@Martin1887 Martin1887 closed this Jan 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@notriddle notriddle notriddle left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

escape_html: Single quotes not escaped

2 participants

@Martin1887 @notriddle