If possible I would like to reserve the following entities for usage in the Danish language related files:
æ ø å Æ Ø Å
I wonder if we could have a table of reserved entities (perhaps the table could be crypted) ? or if it would be too easy for hackers to take advantage of such a table ?
Best regards,
Arne
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I think that PGV can handle the files without entities if you use UTF-8, but that is up to you.
The entities are not really a problem and I don't consider the language editor a security threat. What happened is I globally applied the html_special_chars function to all incoming variables. This corrupted the entities and the html inside the text. I will change this just for the language editor so that the html_special_chars function is not applied to the variables.
--John
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
When I began translating phpGedView to Danish, Gert Krabsen participated in the first translation, and since we witness many problems at that time - which was caused by the infamous "hidden" bytes - Gert started using html-entities as a mean to avoid the infamous "hidden" bytes being created.
When the language translation tool was introduced, most of the original reason for using entities disappeared, but for the sake of uniformity (if that word exist) I kept using html-entities.
When the mail-texts was included in the language files, the last bit of the original reason for using entities disappeared; but I'm still using the htm-entities.
One day - and hopefully it won't be long - I'll change all those html-entities back to ordinary letters.
Back then the html-entities did a good job in preventing many problems, but since we now has a language tool, the reasons for using html-entities probably are gone.
best regard
Arne
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If possible I would like to reserve the following entities for usage in the Danish language related files:
æ ø å Æ Ø Å
I wonder if we could have a table of reserved entities (perhaps the table could be crypted) ? or if it would be too easy for hackers to take advantage of such a table ?
Best regards,
Arne
Hi Arne,
I think that PGV can handle the files without entities if you use UTF-8, but that is up to you.
The entities are not really a problem and I don't consider the language editor a security threat. What happened is I globally applied the html_special_chars function to all incoming variables. This corrupted the entities and the html inside the text. I will change this just for the language editor so that the html_special_chars function is not applied to the variables.
--John
Hi John
I'm using html-entities for historical reasons:
When I began translating phpGedView to Danish, Gert Krabsen participated in the first translation, and since we witness many problems at that time - which was caused by the infamous "hidden" bytes - Gert started using html-entities as a mean to avoid the infamous "hidden" bytes being created.
When the language translation tool was introduced, most of the original reason for using entities disappeared, but for the sake of uniformity (if that word exist) I kept using html-entities.
When the mail-texts was included in the language files, the last bit of the original reason for using entities disappeared; but I'm still using the htm-entities.
One day - and hopefully it won't be long - I'll change all those html-entities back to ordinary letters.
Back then the html-entities did a good job in preventing many problems, but since we now has a language tool, the reasons for using html-entities probably are gone.
best regard
Arne
Hi again John,
if you'll check these 4 files into CVS we are making a fresh start where the html-entities are replaced by ordinary UTF-8 chars.
Best regards,
Arne
Sorry - the link comes here:
http://sourceforge.net/tracker/index.php?func=detail&aid=877288&group_id=55456&atid=477081
Thanks Arne, I will apply the changes to the CVS.
Some of the other reasons why entities were used in the beginning was because I was new to UTF-8 and character sets. I've learned a lot since then ;-)
--John
Thanks John!
Best regards,
Arne