Bug 89585
Summary: | MultiPartArticle sections should _not_ be escaping html | ||
---|---|---|---|
Product: | [Retired] Red Hat Enterprise CMS | Reporter: | Crag Wolfe <cwolfe> |
Component: | other | Assignee: | ccm-bugs-list |
Status: | CLOSED WONTFIX | QA Contact: | Jon Orris <jorris> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 5.2 | CC: | bdolicki |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | noarch | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-10-13 20:08:15 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 100952 |
Description
Crag Wolfe
2003-04-24 16:46:59 UTC
Well, this might be true in case when DHTML editor is used. If TEXTAREA is used, HTML characters should definitely be escaped. for troika, will do former to make it consistent. for latter, will implement pick-lists (see sdm). Do you mean feature #227242 from SDM? This has nothing to do with that. The problem of quoting HTML appears only on EDITING, not on initial input. HTML simply must be quoted when we give user TEXTAREA to edit his text, *regardless* on how the text is intended to be used on rendering. To illustrate this, suppose user typed the following HTML originally when he first created the paragraph: You can search Google from here: <form action="/search"> <input name=q value=""> </form> If we don't quote HTML inside of textarea when we let user edit his HTML it will lead to illegal HTML: <form action="..."> <!-- This is our form tag for submiting the paragraph --> ... <textarea name="..." value="..."> You can search Google from here: <form action="/search"> <!-- Ooops, nested form tags - not allowed! --> <input name=q value=""> </form> ... </textarea> ... </form> Another example would be: imagine Bugzilla didn't quote HTML properly and it let me edit the text I'm just writing without quoting the above illegal HTML snippet... applied to 6.0.x (38780). still needed on 5.2.x. This does not address any of the issues branimir brings up. |