Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inyoka Markup: [[Anchor(NA">ME)]] creates exotic HTML-ID #1352

Open
chris34 opened this issue Oct 12, 2024 · 0 comments
Open

Inyoka Markup: [[Anchor(NA">ME)]] creates exotic HTML-ID #1352

chris34 opened this issue Oct 12, 2024 · 0 comments
Labels
enhancement wiki

Comments

@chris34
Copy link
Member

chris34 commented Oct 12, 2024

For an example see

inyoka/tests/apps/markup/test_html_renderer.py

Lines 252 to 256 in 48cf8d5

html = render('[[Anchor(NA">ME)]]')
self.assertHTMLEqual(
html,
"""<a class="crosslink anchor" href='#NA"&gt;ME' id='NA"&gt;ME'>⚓︎</a>"""
)

For JS/CSS if we we want to access them, it is needed to escape it
document.querySelectorAll('#' + CSS.escape('NA">ME'))

This can be at least non-obvious.
(As far as i see it, no HTML can be injected though)

If not all characters should be allowed in the future, the question is, if existing links get broken?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement wiki
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chris34