#9 bug to match attribute value with a '>' inside

open
nobody
5
2004-06-09
2004-06-09
Anonymous
No

Below is HTML code with comments describing the bug:

----------------------------------------------
<html>
<head>
<title>
a title
</title>
</head>
<body>

<!-- bug in matching next attribute value
actually match:
'a string with <another string'
instead of:
'a string with <another string>'

first occurrence of '>' is considered as ending tagelement
and rest 'etc" >' is considered as text
-->
<tagelement attribute="a string with <another string>
etc" >
</body>
</html>

Discussion

  • Nobody/Anonymous

    Logged In: NO

    SIMPLE FIX: Replace readValueInTag() and skipToInTag() with
    the following code:

    function readValueInTag() {
        // Corrected for attributes including a tag's closing brace
        $ch = $this->iCurrentChar;
        $value = "";
        if ($ch == "\"") {
            $this->skipMaxInTag ("\"", 1);
            $value = $this->skipToInTag ("\"", true);
            $this->skipMaxInTag ("\"", 1);
        }
        else if ($ch == "'") {
            $this->skipMaxInTag ("'", 1);
            $value = $this->skipToInTag ("'", true);
            $this->skipMaxInTag ("'", 1);
        }
        else {
            $value = $this->skipToBlanksInTag();
        }
        return $value;
    }

    function skipToInTag ($chars, $ignore_endtag = false) {
        $sb = "";
        while (($ch = $this->iCurrentChar) !== -1) {
            // closing tag brace may be ignored (if part of attribute value)
            $match = ($ch == ">" AND !$ignore_endtag);
            if (!$match) {
                // strlen(), not count(): $chars is a string of delimiter characters
                for ($idx = 0; $idx < strlen($chars); $idx++) {
                    if ($ch == $chars[$idx]) {
                        $match = true;
                        break;
                    }
                }
            }
            if ($match) {
                return $sb;
            }
            $sb .= $ch;
            $this->moveNext();
        }
        return $sb;
    }
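
The difference the report describes, as an added PHP example that is not part of the original thread or of the project's code: `scanTag()` is a hypothetical helper that ends a tag either at the first `>` or at the first `>` outside a quoted attribute value, run on the sample tag from the report. It assumes that any quote character inside a tag opens an attribute value. A filter and the browser that disagree on where this tag ends will also disagree on what is markup and what is text.

```php
<?php
// Added example, not the project's code. scanTag() is a hypothetical helper.

/**
 * Split $html (which must start with a tag) into [tag text, trailing text].
 * $quoteAware = false: the first '>' ends the tag (the reported behaviour).
 * $quoteAware = true : a '>' between matching quotes stays in the attribute value.
 * Assumption: any quote character inside the tag opens an attribute value.
 */
function scanTag(string $html, bool $quoteAware): array
{
    $quote = null;                       // quote character currently open, if any
    $len = strlen($html);
    for ($i = 0; $i < $len; $i++) {
        $ch = $html[$i];
        if ($quoteAware && $quote !== null) {
            if ($ch === $quote) {
                $quote = null;           // matching quote closes the value
            }
            continue;                    // everything inside quotes is value text
        }
        if ($quoteAware && ($ch === '"' || $ch === "'")) {
            $quote = $ch;                // opening quote of an attribute value
            continue;
        }
        if ($ch === '>') {
            return [substr($html, 0, $i + 1), substr($html, $i + 1)];
        }
    }
    return [$html, ''];                  // no '>' found outside quotes: unterminated tag
}

// Constructed input: the tag from the report, followed by the next tag on the page.
$sample = "<tagelement attribute=\"a string with <another string>\netc\" ></body>";

foreach ([false, true] as $quoteAware) {
    [$tag, $rest] = scanTag($sample, $quoteAware);
    printf(
        "%s\n  tag : %s\n  rest: %s\n",
        $quoteAware ? 'quote-aware' : 'first ">" ends the tag',
        json_encode($tag, JSON_UNESCAPED_SLASHES),
        json_encode($rest, JSON_UNESCAPED_SLASHES)
    );
}
```

In the first mode the trailing text begins with `etc" >`, which is the stray text the report describes; in the second mode the whole attribute value stays inside the tag and the trailing text is `</body>`.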

     
  • Anonymous - 2007-02-13

    Logged In: YES
    user_id=1148016
    Originator: NO

    Doesn't matter, this is not a bug.

    HTML CANNOT have tags inside tags and you are just doing something stupid in the above code, it is ILLEGAL HTML. You are meant to use the HTML representations of those tags which is &lt; (for less than <) and &gt; (for greater than >). This applies every time you want these INSIDE any attribute/tag and don't want them to be interpreted as HTML-tags by the browser.

     
