Bug 89585 - MultiPartArticle sections should _not_ be escaping html
MultiPartArticle sections should _not_ be escaping html
Status: CLOSED WONTFIX
Product: Red Hat Enterprise CMS
Classification: Retired
Component: other (Show other bugs)
5.2
noarch Linux
medium Severity low
: ---
: ---
Assigned To: ccm-bugs-list
Jon Orris
:
Depends On:
Blocks: 100952
  Show dependency treegraph
 
Reported: 2003-04-24 12:46 EDT by Crag Wolfe
Modified: 2007-04-18 12:53 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-10-13 16:08:15 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Crag Wolfe 2003-04-24 12:46:59 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826

Description of problem:
Escaped html is shown for a multi-part article section when it should not be. 
If you use the dhtml editor, the published content will be escaped so the user
sees html tags.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
See description.

Additional info:

To fix,

In MultiPartArticle.xsl,

replace:
     xsl:value-of select="text/content"
with:
     xsl:value-of disable-output-escaping="yes" select="text/content"
Comment 1 Branimir Dolicki 2003-06-16 09:41:02 EDT
Well, this might be true in case when DHTML editor is used.  If TEXTAREA is
used, HTML characters should definitely be escaped.
Comment 2 Bryan Che 2003-06-23 14:40:23 EDT
for troika, will do former to make it consistent.  for latter, will implement
pick-lists (see sdm).
Comment 3 Branimir Dolicki 2003-06-23 15:13:13 EDT
Do you mean feature #227242 from SDM?  This has nothing to do with that.  The
problem of quoting HTML appears only on EDITING, not on initial input.  HTML
simply must be quoted when we give user TEXTAREA to edit his text, *regardless*
on how the text is intended to be used on rendering.  To illustrate
this, suppose user typed the following HTML originally when he first created
the paragraph:

  You can search Google from here:
  <form action="/search">
   <input name=q value="">
  </form>

If we don't quote HTML inside of textarea when we let user edit his HTML it
will lead to illegal HTML:

  <form action="..."> <!-- This is our form tag for submiting the paragraph -->
    ...
    <textarea name="..." value="...">
      You can search Google from here:
      <form action="/search"> <!-- Ooops, nested form tags - not allowed! -->
        <input name=q value="">
      </form>
    ...
    </textarea>
   ...
  </form>

Another example would be: imagine Bugzilla didn't quote HTML properly and it
let me edit the text I'm just writing without quoting the above illegal HTML
snippet...
Comment 4 Archit Shah 2003-12-12 18:49:33 EST
applied to 6.0.x (38780). still needed on 5.2.x. This does not address
any of the issues branimir brings up.

Note You need to log in before you can comment on or make changes to this bug.