diet-ng 1.8.3: source/diet/internal/html.d:185: data modification (truncation) in filterHTMLEscape? - D Programming Language Discussion Forum

Forums

New users
- Learn
Community
- General
- Announce
Improvements
- DIP Ideas
- DIP Devel.
Ecosystem
- GDC
- LDC
- Debuggers
- IDEs
- DWT
Development
- Internals
- Issues
- Beta
- DMD
- Phobos
- Druntime
- Study
Turkish
- Genel
- Duyuru

Index » General » diet-ng 1.8.3: source/diet/internal/html.d:185: data modification (truncation) in filterHTMLEscape?

Thread overview

diet-ng 1.8.3: source/diet/internal/html.d:185: data modification (truncation) in filterHTMLEscape?
Apr 27 kdevel
Apr 28 Sönke Ludwig
Apr 28 Sönke Ludwig

April 27

diet-ng 1.8.3: source/diet/internal/html.d:185: data modification (truncation) in filterHTMLEscape?

Posted by kdevel

kdevel

The actual modification happens in the line marked as (1). But this is not the location of the root cause.

The variable ch is of type dchar. Does anybody see the problem?

    switch (ch) {
		default:
			if (flags & HTMLEscapeFlags.escapeUnknown) {
				dst.put("&#");
				dst.put(to!string(cast(uint)ch));
				dst.put(';');
			} else dst.put(ch);
			break;
		case '"':
			if (flags & HTMLEscapeFlags.escapeQuotes) dst.put("&quot;");
			else dst.put('"');
			break;
		case '\'':
			if (flags & HTMLEscapeFlags.escapeQuotes) dst.put("&#39;");
			else dst.put('\'');
			break;
		case '\r', '\n':
			if (flags & HTMLEscapeFlags.escapeNewline) {
				dst.put("&#");
				dst.put(to!string(cast(uint)ch));
				dst.put(';');
			} else dst.put(ch);
			break;
		case 'a': .. case 'z': goto case;
		case 'A': .. case 'Z': goto case;
		case '0': .. case '9': goto case;
		case ' ', '\t', '-', '_', '.', ':', ',', ';',
			 '#', '+', '*', '?', '=', '(', ')', '/', '!',
			 '%' , '{', '}', '[', ']', '`', '´', '$', '^', '~':
			dst.put(cast(char)ch); // <<----- (1)
			break;
		case '<': dst.put("&lt;"); break;
		case '>': dst.put("&gt;"); break;
		case '&': dst.put("&amp;"); break;
	}

[1] https://github.com/rejectedsoftware/diet-ng/blob/master/source/diet/internal/html.d

April 28

Re: diet-ng 1.8.3: source/diet/internal/html.d:185: data modification (truncation) in filterHTMLEscape?

Posted by Sönke Ludwig
in reply to kdevel

Sönke Ludwig

Posted in reply to kdevel

Am 27.04.2025 um 23:01 schrieb kdevel:
> The actual modification happens in the line marked as `(1)`. But this is not the location of the root cause.
>
> The variable `ch` is of type `dchar`. Does anybody see the problem?
>
> ```d
>          case 'a': .. case 'z': goto case;
>          case 'A': .. case 'Z': goto case;
>          case '0': .. case '9': goto case;
>          case ' ', '\t', '-', '_', '.', ':', ',', ';',
>               '#', '+', '*', '?', '=', '(', ')', '/', '!',
>               '%' , '{', '}', '[', ']', '`', '´', '$', '^', '~':
>              dst.put(cast(char)ch); // <<----- (1)
>              break;
> ```

I was going to say that these are all ASCII characters, but it appears that the '´' has slipped in there erroneously (0xB4, outside of the ASCII range).

April 28

Re: diet-ng 1.8.3: source/diet/internal/html.d:185: data modification (truncation) in filterHTMLEscape?

Posted by Sönke Ludwig
in reply to Sönke Ludwig

Sönke Ludwig

Posted in reply to Sönke Ludwig

https://github.com/vibe-d/vibe-inet/pull/12

Top | Forum index | About this forum

Copyright © 1999-2021 by the D Language Foundation