Right. The implementation of err_html_text got broken when we fixed the
cross-site-scripting issues.
There is a "do_quote = 0" missing from the code segment implementing %L
Fixing this in HEAD and 2.5 now..
Regards
Henrik
On Tuesday 01 January 2002 00.04, Joe Cooper wrote:
> Hi folks,
>
> I'm a bit confused by the err_html_text configuration directive. It is
> escaping all special characters...I can see how this would be useful if
> /only/ a URL is supposed to go there--but why call it err_html_text and
> explain in the documentation that it is for "HTML text to include in
> error messages". If you put HTML text in this field it is converted
> into an escaped string, which is distinctly not HTML.
>
> I'll submit a patch to change the documentation if this is the way it is
> supposed to act...if it shouldn't be acting this way, then I'll give a
> go to altering it (but my perusal of errorpage.c and MemBuf.c are not
> giving indicators about where the escaping is happening).
Received on Tue Jan 01 2002 - 14:26:42 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:43 MST