HTML escape codes are not handled properly for pango markup.

Question

HTML escape codes are not handled properly for pango markup.

crocket opened this issue 4 years ago · 11 comments

& is converted to &.

< is not converted to <. < is converted to &lt;.

Refer to https://www.freeformatter.com/html-escape.html for details.

Answer 1 · 2020-10-07T14:25:51.000Z

<, >, and " aren't converted because they are used as part of <span> tags which allow you to specifically colorize parts of the module's text.

Answer 2 · 2020-10-07T22:33:06.000Z

I think i3pystatus shouldn't convert & to & because I want to insert < and so on.

Answer 3 · 2020-10-08T00:52:40.000Z

That's fair, I think that the replace code can be altered to skip replacing that text when the & is part of an html escape.

Answer 4 · 2020-10-08T01:30:32.000Z

@crocket #795 should fix this, I just tested this on my install.

Answer 5 · 2020-10-08T01:51:39.000Z

I think it's better and simpler to not expand &.

Answer 6 · 2020-10-08T02:04:46.000Z

It is only expanded when the text is processed by pango, because if it is not the processing fails.

Answer 7 · 2020-10-08T03:38:32.000Z

I think it's better for users to handle HTML escape codes... because expanding only & is confusing, and this behavior is not even documented.

Answer 8 · 2020-10-08T14:28:54.000Z

expanding only & is confusing

Maybe that's the case for you, but I don't think you're considering the fact that not everyone understands HTML escapes. Many people will simply enable pango for a module because it enables specific colorization effects. For these users, adding a & to the format string will make the entire module's text disappear due to a failure of pango to process the text.

The pull request that I opened:

Expands & to prevent confusion for those who don't have a more thorough understanding of pango / HTML escapes
Fixes the bug in which & is expanded when part of an HTML escape code
Does not prevent one from using &, <, >, or "

I'm not convinced that it's a great idea to make i3pystatus less intuitive for less-knowledgeable users, but it would be worth it IMO if there were good reasons for & not being expanded (such as it being needed as part of an HTML tag, like <, >, and "). I'm not aware of any such uses, but HTML and CSS are not my strong points. Are ampersands perhaps valid within, for example, a style attribute?

@enkore thoughts?

Answer 9 · 2020-10-08T14:38:35.000Z

We're not using something like markupsafe, so we can't easily distinguish what came from the format string and what is e.g. the title of a song that's now playing (and happens to contain a &). I think escaping & when it is not part of an HTML entity is reasonable in this situation.

Answer 10 · 2020-10-08T15:16:51.000Z

Oh yeah, I was so focused on the format string itself that I hadn't considered the module output (which is harder to control for).

Answer 11 · 2020-10-09T00:05:17.000Z

Whatever. If it works, I'm okay.