- fix subtle quoting bug: the substitution of #package_key.message_key# happens via regex on the resulting page late in the layout proce…
Show more
- fix subtle quoting bug: the substitution of #package_key.message_key# happens via regex on the resulting page late in the layout process. When a message contains %-substitution variables, at least these values have to be html-escaped. The bug showed up e.g. on OpenACS.org in the forums, when a subject line contained a double quote (e.g. in the .LRN Q&A forum, message "My applet doesn't appear ...". Since the layout is produced via <a href="@messages.message_url@" title="#forums.goto_thread_subject#"> and the message key is defined as Go to thread %messages.subject% the HTML title attribute was terminated prematurely by the double quote of the subject line and the remainder was invalid HTML.
Show less