lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Muir (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LUCENE-5191) SimpleHTMLEncoder in Highlighter module breaks Unicode outside BMP
Date Thu, 29 Aug 2013 15:25:52 GMT

    [ https://issues.apache.org/jira/browse/LUCENE-5191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13753720#comment-13753720
] 

Robert Muir commented on LUCENE-5191:
-------------------------------------

{quote}
As we are not working in unquoted attributes
{quote}

You cannot make this determination. If you want to copy this method and put a less secure
version in SimpleHTMLEncoder, thats cool with me.

But don't make PostingsHighlighter less secure: -1 to that.
                
> SimpleHTMLEncoder in Highlighter module breaks Unicode outside BMP
> ------------------------------------------------------------------
>
>                 Key: LUCENE-5191
>                 URL: https://issues.apache.org/jira/browse/LUCENE-5191
>             Project: Lucene - Core
>          Issue Type: Bug
>          Components: modules/highlighter
>            Reporter: Uwe Schindler
>            Assignee: Uwe Schindler
>             Fix For: 5.0, 4.5
>
>         Attachments: LUCENE-5191.patch
>
>
> The highlighter provides a function to escape HTML, which does to much. To create valid
HTML only ", <, >, & must be escaped, everything else can kept unescaped. The escaper
unfortunately does also additionally escape everything > 127, which is unneeded if your
web site has the correct encoding. It also produces huge amounts of HTML entities if used
with eastern languages.
> This would not be a bugf if the escaping would be correct, but it isn't, it escapes like
that:
> {{result.append("\&#").append((int)ch).append(";");}}
> So it escapes not (as HTML needs) the unicode codepoint, instead it escapes the UTF-16
char, which is incorrect, e.g. for our all-time favourite Deseret:
> U+10400 (deseret capital letter long i) would be escaped as {{&\#55297;&\#56320;}}
and not as {{&\#66560;}}.
> So we should remove the stupid encoding of chars > 127 which is simply useless :-)
> See also: https://github.com/elasticsearch/elasticsearch/issues/3587

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message