Bug 89585
| Summary: | MultiPartArticle sections should _not_ be escaping html | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Enterprise CMS | Reporter: | Crag Wolfe <cwolfe> |
| Component: | other | Assignee: | ccm-bugs-list |
| Status: | CLOSED WONTFIX | QA Contact: | Jon Orris <jorris> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.2 | CC: | bdolicki |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | noarch | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-10-13 20:08:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 100952 | ||
Well, this might be true in case when DHTML editor is used. If TEXTAREA is used, HTML characters should definitely be escaped. for troika, will do former to make it consistent. for latter, will implement pick-lists (see sdm). Do you mean feature #227242 from SDM? This has nothing to do with that. The
problem of quoting HTML appears only on EDITING, not on initial input. HTML
simply must be quoted when we give user TEXTAREA to edit his text, *regardless*
on how the text is intended to be used on rendering. To illustrate
this, suppose user typed the following HTML originally when he first created
the paragraph:
You can search Google from here:
<form action="/search">
<input name=q value="">
</form>
If we don't quote HTML inside of textarea when we let user edit his HTML it
will lead to illegal HTML:
<form action="..."> <!-- This is our form tag for submiting the paragraph -->
...
<textarea name="..." value="...">
You can search Google from here:
<form action="/search"> <!-- Ooops, nested form tags - not allowed! -->
<input name=q value="">
</form>
...
</textarea>
...
</form>
Another example would be: imagine Bugzilla didn't quote HTML properly and it
let me edit the text I'm just writing without quoting the above illegal HTML
snippet...
applied to 6.0.x (38780). still needed on 5.2.x. This does not address any of the issues branimir brings up. |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826 Description of problem: Escaped html is shown for a multi-part article section when it should not be. If you use the dhtml editor, the published content will be escaped so the user sees html tags. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: See description. Additional info: To fix, In MultiPartArticle.xsl, replace: xsl:value-of select="text/content" with: xsl:value-of disable-output-escaping="yes" select="text/content"