#774 BuildReportFormat=xhtml

open
nobody
5
2014-12-21
2009-11-09
No

Hello,

When BuildReportFormat=xhtml, instead of producing AT&T it produces AT&T and the generated xhtml file does not validate.

Discussion

  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2010-05-07

    I guess you mean the extra sections. (btw. your error report is not very meaningful)

    I recently had the same problem: & was not escaped in the extra sections and thus I created a patch.

     
    Last edit: Anonymous 2015-05-16
  • Comment has been marked as spam. 
    Undo

    You can see all pending comments posted by this user  here

    Anonymous - 2010-05-07

    --- awstats.pl.orig 2009-10-10 14:36:38.000000000 +0200
    +++ awstats.pl 2010-05-07 17:12:12.000000000 +0200
    @@ -7624,17 +7624,17 @@
    # Parameters: stringtoencode
    # Return: encodedstring
    #------------------------------------------------------------------------------
    sub XMLEncode {
    if ( $BuildReportFormat ne 'xhtml' && $BuildReportFormat ne 'xml' ) {
    return shift;
    }
    my $string = shift;
    - $string =~ s/&/&/g;
    + $string =~ s/&(?![#\w]+;)/&/g;
    $string =~ s//>/g;
    $string =~ s/\"/"/g;
    $string =~ s/\'/'/g;
    return $string;
    }

    #------------------------------------------------------------------------------
    @@ -7644,17 +7644,17 @@
    # Parameters: stringtoencode
    # Return: encodedstring
    #------------------------------------------------------------------------------
    sub XMLEncodeForHisto {
    my $string = shift;
    $string =~ s/\s/%20/g;
    if ( $BuildHistoryFormat ne 'xml' ) { return $string; }
    $string =~ s/=/%3d/g;
    - $string =~ s/&/&/g;
    + $string =~ s/&(?![#\w]+;)/&/g;
    $string =~ s//>/g;
    $string =~ s/\"/"/g;
    $string =~ s/\'/'/g;
    return $string;
    }

    #------------------------------------------------------------------------------
    @@ -7748,16 +7748,17 @@
    # Return: cleanedstring
    #------------------------------------------------------------------------------
    sub CleanXSS {
    my $stringtoclean = shift;

    # To avoid html tags and javascript
    $stringtoclean =~ s/</&lt;/g;
    $stringtoclean =~ s/>/&gt;/g;
    
    • $stringtoclean =~ s/&(?![#\w]+;)/&/g;
      $stringtoclean =~ s/|//g;

      To avoid onload="

      $stringtoclean =~ s/onload//g;
      return $stringtoclean;
      }

    #------------------------------------------------------------------------------

     
    Last edit: Anonymous 2016-01-28

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks