Hi, Achim!

> >>   4. HTML Escape €uro still returns €uro
> >>      if the used charset *is not* utf-8, it may be wrong
> >>      (means the charset in the application where the HTML Escape applies)
> > The problem is we escape only special chars like <>"'.
> > But unescape all. Is there a real need to escape the euro symbol?
> 
> reading again (which is useful sometimes:) I see "HTML Escape"
> does this mean "HTML Entities" (as I read it) or does it mean
> something else?
Our function was simply a wrapper for cgi.escape(), which converts only the
characters '&', '<' and '>' (+ optionally '"') to HTML-safe sequences [0].
I just committed a more powerful replacement for it. Now we replace "&", '"',
"'", ">", "<".

> I assumed HTML Entities, that's what my comment is for.
Maybe it will be better to rename our label to something like "Escape HTML
special chars", like the same function in PHP [1]?

>   8. type €uro in the Decode area and use "Hex Decoding" which returns:
>       An error was generated during the execution:
>       - Invalid input for that operation.
> 
>       The string that you are trying to encode/decode can't be 
> encoded/decoded using this algorithm. A detailed error follows:
>       - invalid literal for int() with base 16: '\x82\xacuro'
Hmm, in such a case, is it a bug? Would it be better to show an empty area?

[0] http://wiki.python.org/moin/EscapingHtml
[1] http://php.net/manual/en/function.htmlspecialchars.php
-- 
Taras
http://oxdef.info
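
The two behaviours discussed in this thread, as an added Python 3 example that is not part of the original message and is not w3af's code: escaping only the five special characters named above versus also converting non-ASCII characters such as € to numeric references (so the output no longer depends on the page charset), plus a hex decoder that reports invalid input instead of raising. All function names are hypothetical.

```python
import binascii

# The five characters named in the message. "&" must be replaced first so
# the entities produced for the other four are not escaped a second time.
_SPECIAL = (("&", "&amp;"), ('"', "&quot;"), ("'", "&#39;"),
            (">", "&gt;"), ("<", "&lt;"))


def escape_special_chars(text):
    """Escape only the HTML special characters; everything else is untouched."""
    for char, entity in _SPECIAL:
        text = text.replace(char, entity)
    return text


def escape_to_entities(text):
    """Escape special characters and turn every non-ASCII character into a
    numeric character reference, so the result is pure ASCII."""
    escaped = escape_special_chars(text)
    return escaped.encode("ascii", "xmlcharrefreplace").decode("ascii")


def hex_decode(text):
    """Return (decoded_bytes, error). Invalid input yields (None, message)
    instead of an unhandled exception."""
    try:
        return binascii.unhexlify(text.strip()), None
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return None, "Invalid input for hex decoding: %s" % exc


if __name__ == "__main__":
    sample = "<a href='x'>€uro & \"more\"</a>"  # constructed sample input
    print(escape_special_chars(sample))  # € passes through unchanged
    print(escape_to_entities(sample))    # € becomes a numeric reference
    print(hex_decode("e282ac75726f"))    # hex of the UTF-8 bytes of "€uro"
    print(hex_decode("€uro"))            # not hex: error message, no traceback
```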
