[dw-free] alt text is over-escaped in S2
[commit: http://hg.dwscoalition.org/dw-free/rev/25acdc474362]
http://bugs.dwscoalition.org/show_bug.cgi?id=1147
Prevent using Image::print with unescaped text.
Patch by
deborah.
Files modified:
http://bugs.dwscoalition.org/show_bug.cgi?id=1147
Prevent using Image::print with unescaped text.
Patch by
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
Files modified:
- bin/upgrading/s2layers/core2.s2
-------------------------------------------------------------------------------- diff -r fa561230eac7 -r 25acdc474362 bin/upgrading/s2layers/core2.s2 --- a/bin/upgrading/s2layers/core2.s2 Thu Jun 10 01:22:12 2010 +0800 +++ b/bin/upgrading/s2layers/core2.s2 Wed Jun 09 17:17:46 2010 +0000 @@ -2951,15 +2951,22 @@ function Image::as_string(string alttext function Image::as_string(string alttext) [fixed] : string "You most likely want to use Image::print instead. Prints HTML for the image with a given alttext. Using meaningful alttext is strongly recommended to improve the accessibility of your layout. Overriding this function is NOT RECOMMENDED. Overriding this function could prevent sitewide improvements to styles, accessibility, or other functionality from operating in your layout." { - return "<img src=\"$.url\" title=\"$.extra{"title"}\" alt=\"$alttext\"" + - htmlattr("height", $.height) + - htmlattr("width", $.width) + " />"; + return "<img src=\"$.url\" title=\"$.extra{"title"}\" alt=\"" + + ehtml( $alttext ) + + "\" " + + htmlattr("height", $.height) + + htmlattr("width", $.width) + + " />"; } function Image::as_string() [fixed] : string "You most likely want to use Image::print instead. Prints HTML for the image. Using meaningful alttext is strongly recommended to improve the accessibility of your layout. Overriding this function is NOT RECOMMENDED. Overriding this function could prevent sitewide improvements to styles, accessibility, or other functionality from operating in your layout." { - return $this->as_string($this.alttext); + # If the image has an attribute "alttext", the alt text has already been escaped, eg. in S2.pm + return "<img src=\"$.url\" title=\"$.extra{"title"}\" alt=\"$this.alttext\" " + + htmlattr("height", $.height) + + htmlattr("width", $.width) + + " />"; } function Image::print (string{} opts) @@ -2978,7 +2985,7 @@ function Image::print function Image::print "Prints HTML for the image. Using meaningful alttext is strongly recommended to improve the accessibility of your layout. Overriding this function is NOT RECOMMENDED. Overriding this function could prevent sitewide improvements to styles, accessibility, or other functionality from operating in your layout." { - print $this->as_string($this.alttext); + print $this->as_string(); } function userinfoicon(UserLite user) : Image --------------------------------------------------------------------------------