Skip to content

Do not escape some allowed tags in titles #202

Description

@glorieux-f

In CSL spec, some tags are allowed in complex title.
https://citeproc-js.readthedocs.io/en/latest/csl-json/markup.html#html-like-formatting-tags

Consider this forged example

Read <i><i>Laissez-Faire</i> Banking</i> in the <span style=\"font-variant:small-caps;\">xxi</span><sup>st</sup>

It is allowed and should be correctly handled by a CSL processor. Zotero do that in javascript:
https://github.com/zotero/zotero/blob/408f1274f4d98b72204393dd1392d71d6e7d507e/chrome/content/zotero/xpcom/utilities_internal.js#L2448-L2565

Citeproc-php has for now adopted a cautious approach, escape all HTML entities. Nothing is lost, but HTML display could be frustrating. Fortunately, the code is well architected, there is only one line to improve.

https://github.com/seboettg/citeproc-php/blob/56abb9cf171395da59a20878d1110cd40004f9a9/src/Rendering/Text.php#L237-L242

By the way, why call StringHelper::clearApostrophes() here ? It is also done at a Layout level.
https://github.com/seboettg/citeproc-php/blob/develop/src/Rendering/Layout.php
What is the technical constraint to modify the user input ?

User could be happy to choose between more than one kind of text output. Because of historic reason, htmlspecialchars($value, ENT_HTML5) should be the default, but overriding with a custom function should be possible.

2 commits on src/Rendering/Text.php will follow for this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions