cvs: quotes show up as &quot; instead of "

ziddey

Joined: 2004-11-01
Posts: 52
Posted: Mon, 2005-02-07 05:09

when using gallery remote (and i assume everywhere else), when a " is typed in for example the caption, it'll show up as & in gallery2 cvs

 
mindless

Joined: 2004-01-04
Posts: 8601
Posted: Mon, 2005-02-07 06:28

show up where? it should send &quot; to your browser, as that is the html entity for a "
but if you see the text &quot; in your browser something is wrong.. browser/version?

 
ziddey

Joined: 2004-11-01
Posts: 52
Posted: Mon, 2005-02-07 14:35
mindless wrote:
show up where? it should send & to your browser, as that is the html entity for a "
but if you see the text & in your browser something is wrong.. browser/version?

I understand that & is html for a quote symbol but it's actually showing the code instead of the quote. ie6, firefox1, everything.

 
ziddey

Joined: 2004-11-01
Posts: 52
Posted: Mon, 2005-02-07 14:41

crap, i didn't notice that where i write & quot ;, it only shows up as &.

 
mindless

Joined: 2004-01-04
Posts: 8601
Posted: Mon, 2005-02-07 16:03
ziddey wrote:
(and i assume everywhere else)

can you test that assumption?

 
bharat

Joined: 2002-05-21
Posts: 7994
Posted: Wed, 2005-02-09 04:39

Yes, this is the case. We escape the following characters in the database:

Quote:
" ' & < >

This is a security precaution; we do it so that these characters don't accidentally get interpreted as raw HTML and therefore allow your browser to be tricked into XSS exploits.

Is this causing you a problem? Or is this merely an observation? Thanks.
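
An added example (not part of the thread and not Gallery's own code) of the escape-before-storage approach described in the post above, showing how the stored text behaves in three output paths. The function names, the constructed caption, and the idea that a second escaping pass or a non-HTML client produces the literal `&quot;` are assumptions for illustration.

```python
import html

# The five characters listed in the post. '&' must be handled first so the
# ampersands introduced by the other replacements are not escaped again.
ESCAPES = [("&", "&amp;"), ('"', "&quot;"), ("'", "&#039;"),
           ("<", "&lt;"), (">", "&gt;")]


def escape_for_storage(text):
    """Escape user input once, before it is written to the database."""
    for raw, entity in ESCAPES:
        text = text.replace(raw, entity)
    return text


def browser_view(markup):
    """Approximate what a browser displays for text content:
    character references are decoded exactly once."""
    return html.unescape(markup)


def render_html(stored):
    """Correct HTML output for already-escaped storage: emit it unchanged."""
    return stored


def render_html_escaped_again(stored):
    """Hypothetical bug: a template escapes the stored value a second time."""
    return escape_for_storage(stored)


def render_plain(stored):
    """A non-HTML consumer (desktop client, CSV export) must decode entities,
    otherwise the user sees the raw '&quot;' text."""
    return html.unescape(stored)


if __name__ == "__main__":
    # Constructed sample caption containing a quote and a markup attempt.
    caption = 'He said "hi" <script>alert(1)</script>'
    stored = escape_for_storage(caption)
    print("stored in database  :", stored)
    print("browser, escape once:", browser_view(render_html(stored)))
    print("browser, escape x2  :", browser_view(render_html_escaped_again(stored)))
    print("plain-text client   :", render_plain(stored))
```

In the double-escaped case the browser displays the entity text itself, which matches the symptom reported at the top of the thread; the markup stays inert in every path.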