AUR web interface

**This is the bug tracker for the AUR web interface.**

Use this tracker to report bugs or make feature requests regarding the behaviour or implementation of the AUR software.
Please read the Reporting Bug Guidelines before filing a new task.

- Please report bugs related to Arch Linux official packages here:
- Please report bugs for [community] packages here:
- For any packages in the AUR contact the maintainer or leave a comment on the package's detail page.

Source Code:

FS#51968 - Atom feed of package repo have non-escaped href

Attached to Project: AUR web interface
Opened by Jordan Galby (Gravemind2a) - Saturday, 26 November 2016, 17:53 GMT
Task Type Bug Report
Category Backend
Status Unconfirmed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version 4.3.0
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No


Atom feeds from package repo contain un-escaped character in link's href, making firefox (45.5) and other feed aggregator fail.

Example: [1], first occurrence at line 12, href link contains an "&", and should have been "&"

I looked at cgit atom feed generator source code, but it seems to escape the url properly.

And, looking at the un-escaped url [2], the '&h=pacaur' at the end does not seem to come from cgit (official source code), so, I was just wondering if aurweb did something there ?!

This task depends upon

Comment by Nodiv (nodivbyzero) - Wednesday, 04 January 2017, 17:36 GMT
Looks like CGIT issue.
I've asked CGIT guys to help:
Comment by Jordan Galby (Gravemind2a) - Thursday, 05 January 2017, 21:38 GMT
Maybe `%cid=%s` should be escaped, so thanks for reporting it.

But I think _here_ [1], this is not the issue: the commit url is `?id=sha1` (not `&id=sha1`), so nothing to escape _here_.

And then that's where I get confused: I cannot find where the non-escaped `..&h=pacaur` is appended.

Comment by Nodiv (nodivbyzero) - Thursday, 05 January 2017, 21:58 GMT
the issue is '&'. It needs to be escaped to '&'
There is a patch[1] for this issue, but I have not got time to verify it.