AUR web interface

**This is the bug tracker for the AUR web interface.**

Use this tracker to report bugs or make feature requests regarding the behaviour or implementation of the AUR software.
Please read the Reporting Bug Guidelines before filing a new task.
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

- Please report bugs related to Arch Linux official packages here: http://bugs.archlinux.org/index.php?project=1
- Please report bugs for [community] packages here: http://bugs.archlinux.org/index.php?project=5
- For any packages in the AUR contact the maintainer or leave a comment on the package's detail page.

Source Code:
https://projects.archlinux.org/aurweb.git/
Tasklist

FS#51968 - Atom feed of package repo have non-escaped href

Attached to Project: AUR web interface
Opened by Jordan Galby (Gravemind2a) - Saturday, 26 November 2016, 17:53 GMT
Task Type Bug Report
Category Backend
Status Unconfirmed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version 4.3.0
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Atom feeds from package repo contain un-escaped character in link's href, making firefox (45.5) and other feed aggregator fail.

Example: [1], first occurrence at line 12, href link contains an "&", and should have been "&"

I looked at cgit atom feed generator source code, but it seems to escape the url properly.

And, looking at the un-escaped url [2], the '&h=pacaur' at the end does not seem to come from cgit (official source code), so, I was just wondering if aurweb did something there ?!

[1] https://aur.archlinux.org/cgit/aur.git/atom/?h=pacaur
[2] https://aur.archlinux.org/cgit/aur.git/commit/?id=3bc75b9629815f0dffe7d9da644b871b79a06e09&h=pacaur
This task depends upon

Comment by Nodiv (nodivbyzero) - Wednesday, 04 January 2017, 17:36 GMT
Looks like CGIT issue.
I've asked CGIT guys to help: https://lists.zx2c4.com/pipermail/cgit/2017-January/003454.html
Comment by Jordan Galby (Gravemind2a) - Thursday, 05 January 2017, 21:38 GMT
Maybe `%cid=%s` should be escaped, so thanks for reporting it.

But I think _here_ [1], this is not the issue: the commit url is `?id=sha1` (not `&id=sha1`), so nothing to escape _here_.

And then that's where I get confused: I cannot find where the non-escaped `..&h=pacaur` is appended.

[1] https://aur.archlinux.org/cgit/aur.git/commit/?id=3bc75b9629815f0dffe7d9da644b871b79a06e09&h=pacaur
Comment by Nodiv (nodivbyzero) - Thursday, 05 January 2017, 21:58 GMT
the issue is '&'. It needs to be escaped to '&'
There is a patch[1] for this issue, but I have not got time to verify it.

[1] https://lists.zx2c4.com/pipermail/cgit/2017-January/003454.html

Loading...