[
https://issues.apache.org/jira/browse/DOXIA-726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17807409#comment-17807409
]
ASF GitHub Bot commented on DOXIA-726:
--------------------------------------
kwin opened a new pull request, #196:
URL: https://github.com/apache/maven-doxia/pull/196
Use XML entities prior to escaping for Markdown with a backslash
> MarkdownSink: Incorrect escaping of <,>,",' and &
> -------------------------------------------------
>
> Key: DOXIA-726
> URL: https://issues.apache.org/jira/browse/DOXIA-726
> Project: Maven Doxia
> Issue Type: Bug
> Affects Versions: 2.0.0-M9
> Reporter: Konrad Windszus
> Assignee: Konrad Windszus
> Priority: Major
>
> As Markdown emits all unknown characters "as-is" in the resulting HTML also
> all XML escape characters need to be leveraged in addition to the ones
> outlined in https://daringfireball.net/projects/markdown/syntax#backslash in
> {{Sink.text(...)}}. Currently only the latter is considered though which
> leads to incorrect output: The text value
> {code}
> "this is a <test>"
> {code}
> should lead to
> {code}
> "this is a <test>"
> {code}
> but right now the "<" and ">" are not escaped.
> Compare also with
> https://spec.commonmark.org/0.30/#entity-and-numeric-character-references.
> It needs to be ensured that all parsed XHTML elements which are not natively
> supported by the Sink API (i.e. don't lead to a dedicated event) are passed
> as is to the output (given the input is XHTML).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
