none
Right angle bracket in image alt text corrupts post

    General discussion

  • Posting an image with alternate text that has a '>' (right angle bracket, greater than symbol) in it will corrupt the post.

    Here goes a quick test.

    <img alt="TEST > IMAGE" src="http://social.msdn.microsoft.com/Forums/getfile/416550" />

    The alternate text there was TEST > IMAGE.

    Thursday, February 6, 2014 4:57 PM

All replies

  • The post seems okay.

    Ed Price, Power BI & SQL Server Customer Program Manager (Blog, Small Basic, Wiki Ninjas, Wiki)

    Answer an interesting question? Create a wiki article about it!

    Friday, February 7, 2014 6:53 AM
    Owner
  • The post seems okay.

    Ed Price, Power BI & SQL Server Customer Program Manager (Blog, Small Basic, Wiki Ninjas, Wiki)

    Answer an interesting question? Create a wiki article about it!

    Huh?  I'm confused.  Are you saying that my original post looks okay?  Here's what I saw on my end.

    (NOTE:  Chrome, Windows 7)

    So is there a problem or not?  I'm confused as to what you meant when you said "The post seems okay."  There's certainly some kind of problem here.

    Friday, February 7, 2014 2:29 PM

  • So is there a problem or not?  I'm confused as to what you meant when you said "The post seems okay."  There's certainly some kind of problem here.

    I would not view it as a problem with the page.  The brackets are reserved characters.  Just like you can't name a variable "float" in C++.  As in Max's example if you want to use those characters in an alternate text, you need to use the &amp;gt; notation.

    Please do not read this sentence. Please ignore the previous sentence.


    Friday, February 7, 2014 2:37 PM
  • The problem here is that when you upload an image, the forum software displays a box that allows you to type in alternate text for the image, but does not sanitize the text before writing it directly into the alt text attribute of some HTML.

    Do I have to remind everyone about the story of Little Bobby Tables?

    Friday, February 7, 2014 5:21 PM
  • That's a very funny comic, Wyck.  But the bug is exactly the opposite.  The problem is the input is being sanitized when it shouldn't be.
     no it is not
    Friday, February 7, 2014 5:35 PM
  • Oh no?? Try uploading an image with the following Alternate text and you tell me if it's being sanitized or not.

    "><b>no it is not</b><img alt="

    Friday, February 7, 2014 5:38 PM
  • The only reason I mention it is because if I had described the problem by mentioning the problem with the double-quote character instead of the angle bracket character, we wouldn't be having this discussion.  It's true that you don't have to escape the > to an entity in HTML attributes, but you do have to do something about the double quote.

    To me, that constitutes data sanitizing.

    I see what you're talking about, where the initial edit that adds the image survives, but then the HTML cleanup on post incorrectly trims out the > that wasn't converted to an entity and escapes it.

    Both things are happening...this is apparent from what happens when you use only quotes in the alt text.

    I appreciate the effort you've put into it.  I'm not trying to be difficult.  As a gesture of good will, please accept this ASCII art picture of the Earth as seen from Saturn. -->   .


    Friday, February 7, 2014 7:20 PM
  • Wyck,

    Quick apology. We didn't get it repro'd here, but we finally understood what you meant over in this thread: http://social.msdn.microsoft.com/Forums/en-US/c90d1735-df73-473d-ac6c-013fd1610ea4/html-language-special-characters-in-the-alternate-text-property-screws-up-image-inclusion?forum=reportabug

    Sorry about that! I think I meant that Max's tests seemed okay. Then Max chatted, it became a longer conversation that's off topic, and someone changed it to a discussion, and we missed trying to repro the original bug.

    So sorry about that!

    Thanks!


    Ed Price, Azure & Power BI Customer Program Manager (Blog, Small Basic, Wiki Ninjas, Wiki)

    Answer an interesting question? Create a wiki article about it!

    Friday, July 25, 2014 10:19 PM
    Owner