Ticket #1146 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Quotes in tiddler titles are not escaped correctly

Reported by: jayfresh Owned by: FND
Priority: undefined Milestone:
Component: tiddlyweb Version:
Severity: undefined Keywords: escaping
Cc:

Description

Hello,

When you create a new tiddler, save it to TiddlyWeb and refresh, if that tiddler has double-quotes in the title, these are not escaped correctly in the HTML.

E.g. a title of 'a tiddler with "quotes" in the title' should be serialized as:

<div title="a tiddler with "quotes" in the title">

In fact it is serialized as:

<div title="a tiddler with \"quotes\" in the title>

It looks like this is happening in tiddlyweb/serializations/html.py from line 157:

def _tiddler_div(self, tiddler): The string that starts the div that contains a tiddler. return u'<div class="tiddler" title="%s" server.page.revision="%s" ' \ 'modifier="%s" modified="%s" created="%s" tags="%s" %s>' % \ (escape_attribute_value(tiddler.title), tiddler.revision,

Change History

Changed 2 years ago by SaqImtiaz

Originally posted by cdent:

Ah yeah, whoops. This was never right was it?

Probably best thing to do is get rid of escape_attribute_value and extend tiddlyweb.web.util.html_encode so it encodes " to "

Which will require changes in both the html and wiki serializations.

Changed 2 years ago by cdent

  • status changed from new to closed
  • resolution set to fixed
Note: See TracTickets for help on using tickets.