bug-texinfo
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Unescaped content in HTML attributes in EPUB output of texi2any


From: Benjamin Kalish
Subject: Unescaped content in HTML attributes in EPUB output of texi2any
Date: Sun, 22 Sep 2024 14:20:36 -0400

EPUB output contains unescaped content in a number of HTML attributes. I'm seeing this with:

- The content attribute for <meta> with name="description"
- The content attribute for <meta> name="keywords"
- The title attribute of the <link> elements with rel="next" and rel="prev"

HTML output also has these same tags and attributes, but the content seems fine in my case. This may not actually be due to better escaping, as it looks like entirely different content is being used for the attribute values when generating HTML, and the content is, in this case at least, safe without escaping.

Changing the values to be the same as those used when generating HTML would solve the problem in my case, but it is probably best to make sure that attribute values are always escaped.

What should be escaped? Quotation marks must be. Ambiguous ampersands must be. But it is probably prudent to escape all ampersands and all occurrences of < or >.

I'm sorry I can't suggest a fix in the code—I'm not familiar with the Texinfo codebase and it's been decades since I've coded in Perl or C.

I'm using texi2any 7.1.1

Benjamin Kalish

reply via email to

[Prev in Thread] Current Thread [Next in Thread]