Dear all,

There are more changes related to this problem area:

a) Due to the full support of UTF-8 in the database interface in the last release, potential new problems showed up which were hidden so far by the mangled Tcl-UTF-8; similarly, problems showed up with vulnerability scanners trying to inject invalid UTF-8, causing then some extensions (expecting only valid UTF-8) to fatal out (e.g. tDOM). These issues were addressed by the stronger input validation changes of the last weeks and months since the release.

b) For full emoji support, it is also necessary to support emojis specified as numeric entities in HTML markup. The old versions of NaviServer were just capable of handling single byte decimal numeric entities, now multibyte decimal or hexadecimal numeric entities are supported as well (see e.g., in the regression test the mermaids with the light and dark skin tones [1]). Since HTML entity interpretation was before only available through "ns_striphtml" (which does also comment and tag stripping), I have added the command "ns_unquotehtml" as a counterpart to "ns_quotehtml" which just interprets numeric and non-numeric entities.

The next release should come out around Easter.

all the best

-gn

[1] https://bitbucket.org/naviserver/naviserver/commits/b923ad4384529a80ac88cadcadde1947a6413753#Ltests/ns_striphtml.testT369
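
The decoding described in (b), as an added example that is not NaviServer's code and not part of the original message: multibyte decimal and hexadecimal numeric entities are converted to UTF-8, and values that cannot be encoded as valid UTF-8 (zero, surrogates, anything above U+10FFFF) are refused, so the output never carries the kind of invalid sequence mentioned in (a). The function names are hypothetical, copying malformed entities through literally is a policy chosen for this example, and the output buffer is assumed to hold at least 5 bytes.

```c
#include <stddef.h>
#include <string.h>
#define CONT(v) ((unsigned char)(0x80 | ((v) & 0x3F)))  /* UTF-8 continuation byte */

/* Encode a Unicode scalar value as UTF-8; returns byte count, 0 if not encodable. */
static size_t utf8_encode(unsigned long cp, unsigned char *o)
{
    if (cp == 0 || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    if (cp < 0x80)    { o[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800)   { o[0] = (unsigned char)(0xC0 | (cp >> 6)); o[1] = CONT(cp); return 2; }
    if (cp < 0x10000) { o[0] = (unsigned char)(0xE0 | (cp >> 12));
                        o[1] = CONT(cp >> 6); o[2] = CONT(cp); return 3; }
    o[0] = (unsigned char)(0xF0 | (cp >> 18)); o[1] = CONT(cp >> 12);
    o[2] = CONT(cp >> 6); o[3] = CONT(cp); return 4;
}

/* Parse "&#DDD;" or "&#xHHH;" at s; sets *len to the entity length, returns UTF-8 bytes or 0. */
static size_t parse_entity(const char *s, unsigned char *out, size_t *len)
{
    unsigned long cp = 0;
    if (s[0] != '&' || s[1] != '#') return 0;
    int hex = (s[2] == 'x' || s[2] == 'X');
    size_t start = hex ? 3 : 2, i = start;
    for (;; i++) {
        char c = s[i];
        int d = (c >= '0' && c <= '9') ? c - '0'
              : (hex && c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (hex && c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (d < 0) break;
        cp = cp * (hex ? 16u : 10u) + (unsigned long)d;
        if (cp > 0x10FFFF) return 0;      /* out of range; also stops overflow */
    }
    if (i == start || s[i] != ';') return 0;   /* no digits or missing ';' */
    *len = i + 1;
    return utf8_encode(cp, out);
}

/* Copy in to out, replacing valid numeric entities; truncates if out is full. */
size_t unquote_numeric(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    while (*in != '\0' && o + 5 <= outsz) {    /* room for 4 bytes plus NUL */
        unsigned char buf[4];
        size_t len = 0, n = parse_entity(in, buf, &len);
        if (n > 0) { memcpy(out + o, buf, n); o += n; in += len; }
        else       { out[o++] = *in++; }       /* malformed: keep literal text */
    }
    out[o] = '\0';
    return o;
}
```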




_______________________________________________
naviserver-devel mailing list
naviserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/naviserver-devel