Bug 89585 - MultiPartArticle sections should _not_ be escaping html
Summary: MultiPartArticle sections should _not_ be escaping html
Alias: None
Product: Red Hat Enterprise CMS
Classification: Retired
Component: other
Version: 5.2
Hardware: noarch
OS: Linux
Target Milestone: ---
Assignee: ccm-bugs-list
QA Contact: Jon Orris
Depends On:
Blocks: 100952
TreeView+ depends on / blocked
Reported: 2003-04-24 16:46 UTC by Crag Wolfe
Modified: 2007-04-18 16:53 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2005-10-13 20:08:15 UTC

Attachments (Terms of Use)

Description Crag Wolfe 2003-04-24 16:46:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826

Description of problem:
Escaped html is shown for a multi-part article section when it should not be. 
If you use the dhtml editor, the published content will be escaped so the user
sees html tags.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
See description.

Additional info:

To fix,

In MultiPartArticle.xsl,

     xsl:value-of select="text/content"
     xsl:value-of disable-output-escaping="yes" select="text/content"

Comment 1 Branimir Dolicki 2003-06-16 13:41:02 UTC
Well, this might be true in case when DHTML editor is used.  If TEXTAREA is
used, HTML characters should definitely be escaped.

Comment 2 Bryan Che 2003-06-23 18:40:23 UTC
for troika, will do former to make it consistent.  for latter, will implement
pick-lists (see sdm).

Comment 3 Branimir Dolicki 2003-06-23 19:13:13 UTC
Do you mean feature #227242 from SDM?  This has nothing to do with that.  The
problem of quoting HTML appears only on EDITING, not on initial input.  HTML
simply must be quoted when we give user TEXTAREA to edit his text, *regardless*
on how the text is intended to be used on rendering.  To illustrate
this, suppose user typed the following HTML originally when he first created
the paragraph:

  You can search Google from here:
  <form action="/search">
   <input name=q value="">

If we don't quote HTML inside of textarea when we let user edit his HTML it
will lead to illegal HTML:

  <form action="..."> <!-- This is our form tag for submiting the paragraph -->
    <textarea name="..." value="...">
      You can search Google from here:
      <form action="/search"> <!-- Ooops, nested form tags - not allowed! -->
        <input name=q value="">

Another example would be: imagine Bugzilla didn't quote HTML properly and it
let me edit the text I'm just writing without quoting the above illegal HTML

Comment 4 Archit Shah 2003-12-12 23:49:33 UTC
applied to 6.0.x (38780). still needed on 5.2.x. This does not address
any of the issues branimir brings up.

Note You need to log in before you can comment on or make changes to this bug.