Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTML Entity Encoding in PlainTextErrorRenderer #3298

Closed
punjabik opened this issue Nov 23, 2023 · 2 comments · Fixed by #3319
Closed

HTML Entity Encoding in PlainTextErrorRenderer #3298

punjabik opened this issue Nov 23, 2023 · 2 comments · Fixed by #3319
Labels
Has PR

Comments

@punjabik
Copy link

Description

The PlainTextErrorRenderer in Slim Framework applies HTML entity encoding to exception messages via the htmlentities function. This behavior leads to the encoding of special characters in log messages and other plain text outputs, which might not be desired in all contexts.

Slim Framework Version

4

Steps to Reproduce

  1. Use the PlainTextErrorRenderer to handle exceptions.
  2. Trigger an exception with a message that includes characters that are typically encoded by htmlentities (like double quotes).
  3. Observe the output (in logs, terminal, etc.) and notice that characters are HTML entity encoded (e.g., double quotes are converted to ").

Expected Behavior

In a plain text context, one would expect the error message to be rendered as-is, without HTML entity encoding. The use of htmlentities might be more appropriate for HTML-specific renderers.

Actual Behavior

The error message is HTML entity encoded, leading to representations like " in place of double quotes in plain text outputs.

Possible Solution

Consider removing the htmlentities call from the PlainTextErrorRenderer, or provide an option to disable HTML entity encoding based on the context in which the renderer is used.

Context

This encoding issue affects logging, CLI outputs, and other scenarios where HTML entity encoding is not desirable in error messages.

Slim/Slim/Error/Renderers/PlainTextErrorRenderer.php

Line 49 in fdb6d61

$text .= sprintf("Message: %s\n", htmlentities($exception->getMessage()));

@l0gicgate
Copy link
Member

The easy solution to this is to create your own renderer. You can copy paste the plain text error render and modify it to your liking.

Feel free to propose an alternate solution. Being able to customize the renderer while keeping the existing behavior would be necessary in this case.

akrabat added a commit to akrabat/Slim that referenced this issue May 1, 2024
@akrabat
Do not HTML entity encode in PlainTextErrorRenderer
9395e43 
The PlainTextErrorRenderer should not encode exception messages as
that's not required for plain text in the same way that it is not
required for the JsonErrorRenderer.

Closes slimphp#3298
@akrabat akrabat mentioned this issue May 1, 2024
Merged
@akrabat
Copy link
Member

akrabat commented May 1, 2024

To my mind, this is a bug as we don't call htmlentities() on the JSON or XML error renderers. PR #3319 raised.

@akrabat akrabat added the Has PR label May 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Has PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Do not HTML entity encode in PlainTextErrorRenderer akrabat/Slim
3 participants
@akrabat @punjabik @l0gicgate