util_expand_entities_ie_style (public, deprecated)
util_expand_entities_ie_style html
Defined in packages/acs-tcl/tcl/text-html-procs.tcl
Deprecated. Invoking this procedure generates a warning.
Replaces all occurrences of o and &x0f; type HTML character entities to their ASCII equivalents. It also handles lt, gt, quot, ob, cb and amp.
This proc does the expansion in the style of IE and Netscape, which is to say that it doesn't require the trailing semicolon on the entity to replace it with something else. The reason we do that is that this proc was designed for checking HTML for security-issues, and since entities can be used for hiding malicious code, we'd better simulate the liberal interpretation that browsers does, even though it complicates matters.
Unlike its sister proc,
util_expand_entities
, it also expands numeric entities (#999 or #xff style).
- Parameters:
- html (required)
- Author:
- Lars Pind <lars@pinds.com>
- Created:
- October 17, 2000
- See Also:
- ns_unquotehtml
- Partial Call Graph (max 5 caller/called nodes):
- Testcases:
- No testcase defined.
Source code: ad_log_deprecated proc util_expand_entities_ie_style array set entities { lt < gt > quot \" ob \{ cb \} amp & } set mappings [list] # # Extract all entities from the text. The semicolon is optional. # set parsed_entities [regexp -all -inline {&([a-zA-Z]+|#[0-9]+|#x[a-zA-Z0-9]+);?} $html] foreach {match entity} $parsed_entities { if {[string index $entity 0] eq "#"} { if {[string index $entity 1] eq "x"} { # # Entity as hexadecimal # set code [scan [string range $entity 2 end] %x] } else { # # Entity as decimal character code # set code [string trimleft [string range $entity 1 end] 0] if {$code eq ""} { set code 0 } } lappend mappings $match [format "%c" $code] } elseif {[info exists entities($entity)]} { # # Entity by name. Only some are supported. # lappend mappings $match $entities($entity) } } return [string map $mappings $html]XQL Not present: Generic, PostgreSQL, Oracle