Why do escape characters disappear? October 17, 2006 1:07 AM   Subscribe

Simple html escape characters appear to work in the live preview but don't come through correctly. Is this a bug or intentional?
posted by scarabic to Bugs at 1:07 AM (34 comments total) 2 users marked this as a favorite

169;

That's supposed to be a copyright symbol. Looks like one in live preview...
posted by scarabic at 1:08 AM on October 17, 2006


Unfortunately, it's a "169;" after posting.
posted by scarabic at 1:08 AM on October 17, 2006


© is Ampersand-hash mark [number sign]-digit one-digit six-digit nine-semicolon and appears as such in live preview.

It appears as digit one-digit six-digit nine in real preview, but as a copyright sign in the text-entry box. I'm about to hit Post Comment; I suspect it will come through.
posted by Aidan Kehoe at 1:20 AM on October 17, 2006


Just use ascii like me!

© = alt-0169
® = alt-0174
™ = alt-0153
posted by The God Complex at 1:25 AM on October 17, 2006


169;

I thought that's what I entered. Let's try this again.
posted by scarabic at 1:26 AM on October 17, 2006


Oops, I meant the first sequence of characters appeared as a copyright symbol in live preview.

And it did. Matt's being inconsistent; he either needs to accept HTML entities, or not. “Not” would involve the equivalent of htmlspecialchars() on the text to be displayed in the text entry box after “Preview” has been hit. Mixing the two is a UI nightmare.

(南 is the Han character for “south, southwards” and I didn't enter it as a HTML entity, rather I pasted it from another application. I wonder will it make it through; Firefox will send it as UTF-8, the encoding of the page, so the only thing that could fuck it up would be Cold Fusion.)
posted by Aidan Kehoe at 1:26 AM on October 17, 2006


Okay, I tried:

Ampersand-hash mark [number sign]-digit one-digit six-digit nine-semicolon

I'm not sure what's meant by "alt-0169" but typing those keystrokes didn't seem to help.

I'm a moron and I can admit it. Hope me.
posted by scarabic at 1:28 AM on October 17, 2006


TGC, neither the copyright symbol, the registered trade mark sign, nor the non-registered trade mark sign are in ASCII. You're entering their Windows 1252 values.
posted by Aidan Kehoe at 1:29 AM on October 17, 2006


Scarabic, it's five keystrokes. Hold down Alt, enter 0 1 6 9 on the numeric keypad, release Alt. This won't work if you're on a Mac, though--in that case, I believe ⌘ - r will give you the ® sign, ⌘ - 2 the ™ sign, and ⌘ - g the © sign, but I don't have one to hand to confirm that.
posted by Aidan Kehoe at 1:34 AM on October 17, 2006


On further del.icio.us’ing, here’s how you generate various European-language typographical symbols on a Mac.
posted by Aidan Kehoe at 1:37 AM on October 17, 2006 [1 favorite]


TGC, neither the copyright symbol, the registered trade mark sign, nor the non-registered trade mark sign are in ASCII. You're entering their Windows 1252 values.

Interesting. I only call them ascii because that's what all the cool kids called them when we were Win-nuking people to blue screens while playing the first Diablo some decade ago. Oh, the days.
posted by The God Complex at 1:42 AM on October 17, 2006




Aidan Kehoe is my hero
posted by scarabic at 1:45 AM on October 17, 2006


Aidan Kehoe is my hero fucking with me.
posted by scarabic at 1:46 AM on October 17, 2006


Heh. Matt’s fuсking with you (a fucking-with of omission, rather than of comission, if you can imagine such a thing); that's what I meant above by ‘mixing the two is a UI nightmare.’

© is what I get when I type Alt 0 1 6 9 , click Preview, and then click Post Comment. I can only enter your funky white circle by pasting from another app.
posted by Aidan Kehoe at 1:57 AM on October 17, 2006



posted by scarabic at 2:10 AM on October 17, 2006


I know you're not trying to lead me astry, Aidan :)

It's weird. I keep getting this little anemic-looking circle when I type in that code. Could just be my computer, although it's a pretty standard install of XP Pro.

I don't see why I can't type in basic html escape characters, though. Do they represent some security risk which other html does not?
posted by scarabic at 2:12 AM on October 17, 2006


I don't see why I can't type in basic html escape characters, though.

Type — to get '—' or · to get '·'. Don't click Preview; just click Post. The semi-colon at the end is unnecessary in Live Preview, but needed when you post.
posted by matthewr at 2:29 AM on October 17, 2006


& copy ; (no spaces) gives ©

Taz and I helped someone else out with this a while ago who was struggling with em dashes. mathowie popped in to the thread and stated:

entity encoding was removed when someone showed me some really easy hacks you could use it to do. It was possible to entity encode all sorts of nasty remote scripting stuff.

If you want an emdash, just copy and paste the character in or do the ampersand-mdash-semicolon, don't use the character entity.

posted by davehat at 2:31 AM on October 17, 2006


The thing is, I managed to get a pound sterling symbol (£) in a recent MeTa post using HTML entities.
posted by bouncebounce at 3:05 AM on October 17, 2006


So it doesn't work with decimal entities, just the named ones? What about hex values? (xA9;)
posted by bouncebounce at 3:06 AM on October 17, 2006


Seems like there's a MeTa thread about this weekly, this formatting business needs an FAQ of its own, or maybe something in the wiki from whoever has a good handle on all this stuff.
posted by MetaMonkey at 3:45 AM on October 17, 2006


Without clicking preview:
© produces ©
&169; produces 169;
xA9; produces xA9;

After clicking preview:
© produces ©
&169; produces ©
xA9; produces ©
posted by Khalad at 5:08 AM on October 17, 2006


Interesting. There are some bizarre overzealous entity-destroying rules in place. My correctly-escaped entities before the word "produces" didn't survive even though I wrote out & in full.
posted by Khalad at 5:12 AM on October 17, 2006


blah blah blah our new bizarre overzealous entity-destroying overlords &c
posted by cortex at 6:15 AM on October 17, 2006


This gets asked often enough to be a FAQ entry, methinks.
posted by terrapin at 7:44 AM on October 17, 2006


I block all instances of ampersand-poundsign and hex values because someone showed me quite effectively how you could encode nasty XSS javascript using entities and get it to pass into MeFi and do things like send your password cookies to remote servers and whatnot.

I decided to block numbered entities because there is usually an equivalent (ampersand-copy, instead of ampersand-169, etc) that more people use (and can remember).

For security reasons, entities aren't coming back.
posted by mathowie (staff) at 9:04 AM on October 17, 2006


I added that to the FAQ.
posted by jessamyn (staff) at 12:03 PM on October 17, 2006


& copy; produces ©

I got: © and ™ (& trade;), but how to you get the ® (I copied this one from upthread?)
posted by quin at 1:00 PM on October 17, 2006


® = & reg ; (without the spaces)
posted by willnot at 1:31 PM on October 17, 2006


Thanks willnot.
posted by quin at 2:53 PM on October 17, 2006


you could encode nasty XSS javascript using entities and get it to pass into MeFi and do things like send your password cookies to remote servers

Keee-rist! Scary!

® ©
posted by scarabic at 6:08 PM on October 17, 2006


yay!
posted by scarabic at 6:08 PM on October 17, 2006


I block all instances of ampersand-poundsign and hex values because someone showed me quite effectively how you could encode nasty XSS javascript using entities and get it to pass into MeFi and do things like send your password cookies to remote servers and whatnot.

Anyone got a link explaining how this works?
posted by MetaMonkey at 2:39 AM on October 18, 2006


By the way, in order to get © to appear (as opposed to typing & copy; you need to type ©). Hitting preview breaks this as it removes the escaping for ampersand, so it needs to be redone after preview (or you can copy the text from the comment box before preview, paste it back in post preview than hit post if everything is copacetic).
posted by plinth at 7:31 AM on October 18, 2006


« Older something is not right with the first comment in...   |   Fix My Link Newer »

You are not logged in, either login or create an account to post comments