htmLawed allowing illegal unicode character entity [#269042]

htmLawed allows invalid Unicode characters through, such as U+FFFE, regardless of whether using hex or dec representation. If the site serves the page up as XHTML, the whole page will break.

Comments

Comment #1

alpha2zee commented 11 June 2008 at 08:41

Assigned:	Unassigned	» alpha2zee
Status:	Active	» Fixed

This is fixed in the just-released version 2.1 of the module. The module now uses htmLawed 1.0.9 that has the entity-pointing-to-invalid-character issue fixed.

htmLawed neutralizes all entities referring to characters that are invalid (hexdec code-points other than 9, a, d, 20 to d7ff, and e000 to 10ffff except fffe and ffff), and the entities referring to characters that are discouraged (hexdec code-points 7f to 84, 86 to 9f, and fdd0 to fddf). Entities referring to the remaining discouraged [note that they are not invalid] characters are let through.

Comment #2

alpha2zee commented 11 June 2008 at 08:42

Title:

htmLawed allows illegal unicode characters

» htmLawed allowing illegal unicode character entity

Comment #3

alpha2zee commented 12 June 2008 at 20:02

Status:

Fixed

» Closed (fixed)

htmLawed allowing illegal unicode character entity

Comments

Comment #1

Comment #2

Comment #3

News items

Our community

Documentation

Drupal code base

Governance of community