In the CSL spec, some tags are allowed in complex titles.
https://citeproc-js.readthedocs.io/en/latest/csl-json/markup.html#html-like-formatting-tags
Consider this forged example:
Read <i><i>Laissez-Faire</i> Banking</i> in the <span style=\"font-variant:small-caps;\">xxi</span><sup>st</sup>
It is allowed and should be correctly handled by a CSL processor. Zotero does that in JavaScript:
https://github.com/zotero/zotero/blob/408f1274f4d98b72204393dd1392d71d6e7d507e/chrome/content/zotero/xpcom/utilities_internal.js#L2448-L2565
Citeproc-php has for now adopted a cautious approach: escape all HTML entities. Nothing is lost, but HTML display could be frustrating. Fortunately, the code is well architected; there is only one line to improve.
https://github.com/seboettg/citeproc-php/blob/56abb9cf171395da59a20878d1110cd40004f9a9/src/Rendering/Text.php#L237-L242
By the way, why call StringHelper::clearApostrophes() here? It is also done at the Layout level.
https://github.com/seboettg/citeproc-php/blob/develop/src/Rendering/Layout.php
What is the technical constraint to modify the user input?
Users could be happy to choose between more than one kind of text output. For historical reasons, htmlspecialchars($value, ENT_HTML5) should be the default, but overriding with a custom function should be possible.
2 commits on src/Rendering/Text.php will follow for this issue.
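One shape such a custom output function could take, as an added example that is not citeproc-php's code or part of the issue: escape everything by default and let through only the six tags listed on the CSL-JSON markup page, and only when they are properly nested. The names `CSL_TAGS`, `escapeText` and `renderCslMarkup` are hypothetical, and tags are assumed to appear exactly as spelled in the allow-list.

```php
<?php
declare(strict_types=1);

// Allow-list taken from the CSL-JSON markup page: exact opening tag => closing tag.
const CSL_TAGS = [
    '<i>' => '</i>',
    '<b>' => '</b>',
    '<sup>' => '</sup>',
    '<sub>' => '</sub>',
    '<span style="font-variant:small-caps;">' => '</span>',
    '<span class="nocase">' => '</span>',
];

function escapeText(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderCslMarkup(string $value): string
{
    // Split on anything tag-shaped, keeping the tags as separate tokens.
    $tokens = preg_split('/(<[^<>]*>)/', $value, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    if ($tokens === false) { return escapeText($value); }
    $out = [];   // output pieces, in order
    $open = [];  // stack of [expected closing tag, index of the opener in $out]
    foreach ($tokens as $token) {
        if (array_key_exists($token, CSL_TAGS)) {
            $open[] = [CSL_TAGS[$token], count($out)];
            $out[] = $token;
        } elseif ($open && $token === end($open)[0]) {
            array_pop($open);
            $out[] = $token;
        } else {
            $out[] = escapeText($token); // text, unknown tags, stray closers
        }
    }
    // Openers that were never closed are escaped too, so output stays balanced.
    foreach ($open as [, $i]) {
        $out[$i] = escapeText($out[$i]);
    }
    return implode('', $out);
}

// Constructed inputs: the title from the issue, then one with a tag outside the allow-list.
$samples = [
    'Read <i><i>Laissez-Faire</i> Banking</i> in the <span style="font-variant:small-caps;">xxi</span><sup>st</sup>',
    'Fish & <b>Chips</b> <script>alert(1)</script> <i onclick="x()">unclosed',
];
foreach ($samples as $s) { echo renderCslMarkup($s), PHP_EOL; }
```

The first sample comes back unchanged; in the second only `<b>Chips</b>` survives as markup and everything else is entity-escaped.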