Edgewall Software

Ticket #979 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

HTML "script" in ticket descriptions causes problems

Reported by: Juanma Barranquero
Owned by: cmlenz
Priority: normal
Milestone: 0.8.1
Component: wiki system
Version: 0.8
Severity: minor
Keywords:
Cc:

Description

Theoretically, HTML tags are escaped outside #!html blocks, but putting <script> alone in descriptions seems to wreak some havoc.

Attachments

Change History

Changed 4 years ago by Juanma Barranquero

The easier way to see the problem is putting a script tag in a comment and clicking on "preview".

Changed 4 years ago by cmlenz

  • version changed from devel to 0.8

I can only reproduce this on Firefox (probably other mozilla-based browsers as well). IE6/Win and Safari do the right thing here.

Looking at the HTML generated, the script tag is getting escaped.

Changed 4 years ago by Juanma Barranquero

Not exactly; on previews, the script tag is quoted on the "Comment preview" textarea, but not in the "Comment" one.

IE/Win must be assuming that the script tag ends upon finding {{{

Changed 4 years ago by Juanma Barranquero

[sorry for the unfinished comment]

...upon finding the closing textarea tag, while Firefox does not, so it seems like both a Firefox and a Trac bug.

Changed 4 years ago by cmlenz

  • owner changed from jonas to cmlenz
  • status changed from new to assigned

Changed 4 years ago by cmlenz

  • status changed from assigned to closed
  • resolution set to fixed

Fixed in [1095]. Should also be ported to the stable branch, but I'm lacking the necessary karma.

Changed 4 years ago by cmlenz

  • milestone set to 0.8.1
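
The behaviour discussed in this ticket, as an added example that is not Trac's code and not the change made in [1095]: a form value echoed into a textarea unescaped, next to an escaped rendering, with a check a test suite could run on the generated HTML. The function names and the sample comment are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample: text a user typed into the comment field before "preview".
SAMPLE_COMMENT = 'see <script> and </textarea><b>bold</b> & more'


def render_textarea_raw(name, value):
    """'Before' form: the submitted value is echoed back unescaped."""
    return '<textarea name="%s">%s</textarea>' % (
        html.escape(name, quote=True), value)


def render_textarea_escaped(name, value):
    """Hardened form: &, < and > in the value are emitted as entities."""
    return '<textarea name="%s">%s</textarea>' % (
        html.escape(name, quote=True), html.escape(value, quote=False))


# Greedy match up to the *last* closing tag, i.e. what the template
# author intended to be the field's content.
_TEXTAREA = re.compile(r'<textarea\b[^>]*>(.*)</textarea>\s*\Z', re.S | re.I)


def textarea_body(markup):
    """Return the text between the opening tag and the final closing tag."""
    match = _TEXTAREA.match(markup)
    if match is None:
        raise ValueError('not a single textarea element')
    return match.group(1)


def has_raw_markup(markup):
    """True if the field content contains a literal '<'.

    Correctly escaped content never does, so any hit means a browser is
    left to guess where the field ends, which is where browsers differed.
    """
    return '<' in textarea_body(markup)


def displayed_value(markup):
    """The text the user sees in the field once entities are decoded."""
    return html.unescape(textarea_body(markup))


if __name__ == '__main__':
    for render in (render_textarea_raw, render_textarea_escaped):
        out = render('comment', SAMPLE_COMMENT)
        print(render.__name__, has_raw_markup(out), out)
```
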
