Simple html escape characters appear to work in the live preview but don't come through correctly. Is this a bug or intentional?
posted by scarabic to bugs at 1:07 AM (34 comments total)
2 users marked this as a favorite
It appears as digit one-digit six-digit nine in real preview, but as a copyright sign in the text-entry box. I'm about to hit Post Comment; I suspect it will come through. posted by Aidan Kehoe at 1:20 AM on October 17, 2006
I thought that's what I entered. Let's try this again. posted by scarabic at 1:26 AM on October 17, 2006
Oops, I meant the first sequence of characters appeared as a copyright symbol in live preview.
And it did. Matt's being inconsistent; he either needs to accept HTML entities, or not. “Not” would involve the equivalent of htmlspecialchars() on the text to be displayed in the text entry box after “Preview” has been hit. Mixing the two is a UI nightmare.
(南 is the Han character for “south, southwards” and I didn't enter it as a HTML entity, rather I pasted it from another application. I wonder will it make it through; Firefox will send it as UTF-8, the encoding of the page, so the only thing that could fuck it up would be Cold Fusion.) posted by Aidan Kehoe at 1:26 AM on October 17, 2006
Okay, I tried:
Ampersand-hash mark [number sign]-digit one-digit six-digit nine-semicolon
I'm not sure what's meant by "alt-0169" but typing those keystrokes didn't seem to help.
I'm a moron and I can admit it. Hope me. posted by scarabic at 1:28 AM on October 17, 2006
TGC, neither the copyright symbol, the registered trade mark sign, nor the non-registered trade mark sign are in ASCII. You're entering their Windows 1252 values. posted by Aidan Kehoe at 1:29 AM on October 17, 2006
On further del.icio.us’ing, here’s how you generate various European-language typographical symbols on a Mac. posted by Aidan Kehoe at 1:37 AM on October 17, 2006 [1 favorite]
TGC, neither the copyright symbol, the registered trade mark sign, nor the non-registered trade mark sign are in ASCII. You're entering their Windows 1252 values.
Interesting. I only call them ascii because that's what all the cool kids called them when we were Win-nuking people to blue screens while playing the first Diablo some decade ago. Oh, the days. posted by The God Complex at 1:42 AM on October 17, 2006
○
Aidan Kehoe is my hero posted by scarabic at 1:45 AM on October 17, 2006
Aidan Kehoe is my hero fucking with me. posted by scarabic at 1:46 AM on October 17, 2006
Heh. Matt’s fuсking with you (a fucking-with of omission, rather than of comission, if you can imagine such a thing); that's what I meant above by ‘mixing the two is a UI nightmare.’
I know you're not trying to lead me astry, Aidan :)
It's weird. I keep getting this little anemic-looking circle when I type in that code. Could just be my computer, although it's a pretty standard install of XP Pro.
I don't see why I can't type in basic html escape characters, though. Do they represent some security risk which other html does not? posted by scarabic at 2:12 AM on October 17, 2006
I don't see why I can't type in basic html escape characters, though.
Type — to get '—' or · to get '·'. Don't click Preview; just click Post. The semi-colon at the end is unnecessary in Live Preview, but needed when you post. posted by matthewr at 2:29 AM on October 17, 2006
Taz and I helped someone else out with this a while ago who was struggling with em dashes. mathowie popped in to the thread and stated:
entity encoding was removed when someone showed me some really easy hacks you could use it to do. It was possible to entity encode all sorts of nasty remote scripting stuff.
If you want an emdash, just copy and paste the character in or do the ampersand-mdash-semicolon, don't use the character entity. posted by davehat at 2:31 AM on October 17, 2006
The thing is, I managed to get a pound sterling symbol (£) in a recent MeTa post using HTML entities. posted by bouncebounce at 3:05 AM on October 17, 2006
So it doesn't work with decimal entities, just the named ones? What about hex values? (xA9;) posted by bouncebounce at 3:06 AM on October 17, 2006
Seems like there's a MeTa thread about this weekly, this formatting business needs an FAQ of its own, or maybe something in the wiki from whoever has a good handle on all this stuff. posted by MetaMonkey at 3:45 AM on October 17, 2006
Interesting. There are some bizarre overzealous entity-destroying rules in place. My correctly-escaped entities before the word "produces" didn't survive even though I wrote out & in full. posted by Khalad at 5:12 AM on October 17, 2006
blah blah blah our new bizarre overzealous entity-destroying overlords &c posted by cortex at 6:15 AM on October 17, 2006
This gets asked often enough to be a FAQ entry, methinks. posted by terrapin at 7:44 AM on October 17, 2006
I block all instances of ampersand-poundsign and hex values because someone showed me quite effectively how you could encode nasty XSS javascript using entities and get it to pass into MeFi and do things like send your password cookies to remote servers and whatnot.
I decided to block numbered entities because there is usually an equivalent (ampersand-copy, instead of ampersand-169, etc) that more people use (and can remember).
For security reasons, entities aren't coming back. posted by mathowie at 9:04 AM on October 17, 2006
I added that to the FAQ. posted by jessamyn at 12:03 PM on October 17, 2006
I block all instances of ampersand-poundsign and hex values because someone showed me quite effectively how you could encode nasty XSS javascript using entities and get it to pass into MeFi and do things like send your password cookies to remote servers and whatnot.
Anyone got a link explaining how this works? posted by MetaMonkey at 2:39 AM on October 18, 2006
Subscribe
That's supposed to be a copyright symbol. Looks like one in live preview...
posted by scarabic at 1:08 AM on October 17, 2006