Graphviz Issue Tracker
Mantis Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002139graphvizOutput Generationpublic2011-09-08 05:102011-09-08 05:10
Reportertorsten 
Assigned To 
PrioritynormalSeveritynormalReproducibilityalways
StatusnewResolutionopen 
PlatformOSOS Version
Summary0002139: SVG generation broken for pango formatted text
DescriptionWe are using GraphViz to generate graphs. For interaction we parse the svg output.

For styling we use the <FONT></FONT> tags, tables, etc.

As the data comes from the user, we escape the input by replacing '&' with '&', '<' with '<' and '>' with '>'.

To test this, I entered some HTML to make it as hard as possible for the graph to work. This leads to invalid SVG being generated.

It is hard to fix that for the input generator, as GraphViz is not consistent with how entities are handled: '&' seems to get replaced with just '&' if this results in an entity definition in the output: '&lt;' gives '<' in the output. OTOH, '& foo' results in '& foo'.

It's hard to decide what is right here. I would have expected that dot would escape entities like it escapes tags if the input label is a plain string:

node [label="<h1>"] -> <text><h1></text> (okay in 2.27.0)
node [label="&"] -> <text>&amp;</text> (broken in 2.27.0, results in <text>&</text>)
node [label="&nbsp;"] -> <text>&amp;nbsp;</text> (broken in 2.27.0, results in <text> </text>)

When labels are given as HTML, behaviour should be different due to the input being XML-like already:

node [label=<<h1>>] -> should be an error, h1 is not according to http://www.graphviz.org/doc/info/shapes.html#html [^]

node [label=<&bsp;>] -> should result in <text>&bsp;</text> (2.27.0: <text>&bsp;</text>)
node [label=<&funny;>] -> either error (funny is not a builtin XML entity) or <text>&funny;</text> (okay in 2.27.0)

I had a look at the sources and I know that this will be quite a bit of work. Sorry for the fuss, but I would deem this correct behaviour for GraphViz.
Steps To ReproduceProcess the following dot input:

digraph escape_xml {
        c [label=<<FONT POINT-SIZE="48">&funny;</FONT>>]
}

dot -Tsvg -o funny.svg funny.dot

The resulting SVG output contains the following string:

<text text-anchor="start" x="8.5" y="-16.1" font-family="Times,serif" font-size="48.00">&funny;</text>

I would have expected the & to be carried through from input to output.

This even happens if the input contains a simple string. Interestingly, stuff like '&unknownent;' is happily carried to the output.
TagsNo tags attached.
AUXILLARY-FILES
DATE-FIXED
FIX-COMMENT
FORMER-ID
INPUT-FILE
OUTPUT-FILE
STATUS-COMMENT
VERSION2.27.0
Attached Filesdot file icon funny.dot [^] (95 bytes) 2011-09-08 05:10

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2011-09-08 05:10 torsten New Issue
2011-09-08 05:10 torsten File Added: funny.dot


MantisBT 1.2.5[^]
Copyright © 2000 - 2011 MantisBT Group
Powered by Mantis Bugtracker