Mark Smith ([staff profile] mark) wrote in [site community profile] changelog 2010-06-09 05:17 pm

[dw-free] alt text is over-escaped in S2

[commit: http://hg.dwscoalition.org/dw-free/rev/25acdc474362]

http://bugs.dwscoalition.org/show_bug.cgi?id=1147

Prevent using Image::print with unescaped text.

Patch by [personal profile] deborah.

Files modified:
  • bin/upgrading/s2layers/core2.s2
--------------------------------------------------------------------------------
diff -r fa561230eac7 -r 25acdc474362 bin/upgrading/s2layers/core2.s2
--- a/bin/upgrading/s2layers/core2.s2	Thu Jun 10 01:22:12 2010 +0800
+++ b/bin/upgrading/s2layers/core2.s2	Wed Jun 09 17:17:46 2010 +0000
@@ -2951,15 +2951,22 @@ function Image::as_string(string alttext
 function Image::as_string(string alttext) [fixed] : string
 "You most likely want to use Image::print instead.  Prints HTML for the image with a given alttext. Using meaningful alttext is strongly recommended to improve the accessibility of your layout. Overriding this function is NOT RECOMMENDED. Overriding this function could prevent sitewide improvements to styles, accessibility, or other functionality from operating in your layout."
 {
-    return "<img src=\"$.url\" title=\"$.extra{"title"}\" alt=\"$alttext\"" +
-        htmlattr("height", $.height) +
-        htmlattr("width", $.width) + " />";
+    return "<img src=\"$.url\" title=\"$.extra{"title"}\" alt=\""
+        + ehtml( $alttext )
+        + "\" "
+        + htmlattr("height", $.height)
+        + htmlattr("width", $.width)
+        + " />";
 }
 
 function Image::as_string() [fixed] : string
 "You most likely want to use Image::print instead.  Prints HTML for the image. Using meaningful alttext is strongly recommended to improve the accessibility of your layout. Overriding this function is NOT RECOMMENDED. Overriding this function could prevent sitewide improvements to styles, accessibility, or other functionality from operating in your layout."
 {
-    return $this->as_string($this.alttext);
+    # If the image has an attribute "alttext", the alt text has already been escaped, eg. in S2.pm
+     return "<img src=\"$.url\" title=\"$.extra{"title"}\" alt=\"$this.alttext\" "
+        + htmlattr("height", $.height)
+        + htmlattr("width", $.width)
+        + " />";
 }
 
 function Image::print (string{} opts)
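Review bot: In the zero-argument Image::as_string(), `alt=\"$this.alttext\"` is written out without ehtml(), relying only on the comment that the value "has already been escaped, eg. in S2.pm"; nothing in this function enforces that, so any Image whose alttext is assigned raw text elsewhere would reach the attribute unescaped. Consider recording the pre-escaped requirement where the alttext property is documented, and building the tag in one shared helper so the two copies of the `<img ...>` string cannot drift apart. The docstring of as_string(string alttext) should also say that the argument is now treated as raw text and passed through ehtml(), because a caller that hands in already-escaped text will get it escaped twice. In both overloads `$.url` and `$.extra{"title"}` are still interpolated into attributes with no escaping visible in this hunk; it is worth confirming they are escaped before they get here.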
@@ -2978,7 +2985,7 @@ function Image::print
 function Image::print
 "Prints HTML for the image. Using meaningful alttext is strongly recommended to improve the accessibility of your layout. Overriding this function is NOT RECOMMENDED. Overriding this function could prevent sitewide improvements to styles, accessibility, or other functionality from operating in your layout."
 {
-    print $this->as_string($this.alttext);
+    print $this->as_string();
 }
 
 function userinfoicon(UserLite user) : Image
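Review bot: The docstring of Image::print is unchanged although `print $this->as_string();` now goes through the overload that emits alttext without calling ehtml(), so the output is only safe when alttext was escaped before it was stored. Add a sentence to the docstring stating that the image's alttext must already be HTML-escaped, and point layout authors who hold raw text to as_string(string alttext), which does the escaping.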
--------------------------------------------------------------------------------
