Lillesvin Networks / BugTracker

Bug #2 - HTML testing is too inaccurate - Return to bug list

Reporter:	******	Created:	06-23-2005
Project:		Priority:
Component:		Severity:
Version:		OS:
To be Closed in Version		Database:
Closed in Version		Reported on Site
Summary:		Status:
URL:		Resolution:
Assigned To:		Add CC:
Dependencies: Add Dependency: Remove Dependency:		Remove selected CCs:

Additional Comments:

You must be logged in to modify this bug

Attachments:		Create Attachment

Name	Size	Type	Created

No attachments

Vote for this bug | View votes (2) for this bug | View bug activity | Printable View

Comments:

Posted By: ******
Date: 2:28 AM On 06-23-2005

Stuff like: <3 is captured by the HTML filter, but it shouldn't catch it since it doesn't even qualify as poorly formed HTML.

Posted By: ******
Date: 2:47 AM 06-23-2005

This bug strongly correlates with #1 and will probably be fixed as a result of fixing #1.

The use of strip_tags() when trying to determine how much of a string is HTML is clearly not a good idea, 'cause strip_tags() seems to think that everything < or > (even <<< - but not the last two of >>>, only if preceded by multiple <'s) is HTML.

Examples:
strip_tags("<3"); // Returns: ''
strip_tags("<3<>"); // Returns: ''
strip_tags("<3<<<<>"); // Returns: ''
strip_tags("<3>>>>"); // Returns: '>>>'
strip_tags("<<<<3>>>>"); // Returns: ''
strip_tags("<<<<3>"); // Returns: ''

Thus '<3' is identified as 100% HTML, which is obviously not the case, so the identification will have to become more fine-grained, also to eventually for users to allow certain HTML tags in their content. (See: #1)