Opened 18 years ago
Closed 17 years ago
#2428 closed defect (duplicate)
html wikiprocessor doesn't ensure all tags are closed
| Reported by: | Owned by: | Jonas Borgström | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | 0.9 |
| Severity: | normal | Keywords: | security |
| Cc: | dkg-debian.org@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
The html WikiProcessor should ensure that all tags opened by the inline html are appropriately closed.
For example, including the following code would effectively swallow up the rest of the page into this trouble-ticket field:
{{{
#!html
<table><tr><td>
}}}
i'll actually post this code directly in a followup to this ticket so that you can see what the page looks like.
Attachments (0)
Change History (7)
comment:1 by , 18 years ago
follow-up: 5 comment:4 by , 18 years ago
I actually consider this a feature of the HTML blocks, since it would allow things like:
[[html(<div style="border: 1px solid red">)]] WikiText with a red border [[html(</div>)]]
WikiText with a red border
follow-up: 6 comment:5 by , 17 years ago
| Cc: | added |
|---|
Replying to mgood:
I actually consider this a feature of the HTML blocks, since it would allow things …
Ah! i can see how that would be useful. But it doesn't really make sense for that to be possible across ticket comments. That is, after rendering each ticket comment, the ticket renderer should close any outstanding open tags. Otherwise, i could do things like hide all remaining comments in the thread with a <div style="display:none;"> wrapped in the html preprocessor, right?
follow-up: 7 comment:6 by , 17 years ago
Replying to dkg-debian.org@fifthhorseman.net:
Replying to mgood:
I actually consider this a feature of the HTML blocks, since it would allow things …
Ah! i can see how that would be useful. But it doesn't really make sense for that to be possible across ticket comments. That is, after rendering each ticket comment, the ticket renderer should close any outstanding open tags.
Agreed.
Otherwise, i could do things like hide all remaining comments in the thread with a
<div style="display:none;">wrapped in the html preprocessor, right?
No, this kind of things is reserved for spammers, and you're not one of them ;)
comment:7 by , 17 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Replying to cboos:
Replying to dkg-debian.org@fifthhorseman.net:
Replying to mgood:
I actually consider this a feature of the HTML blocks, since it would allow things …
Ah! i can see how that would be useful. But it doesn't really make sense for that to be possible across ticket comments. That is, after rendering each ticket comment, the ticket renderer should close any outstanding open tags.
Agreed.
Following-up on that point in #2048.
Here's me posting the code directly: note how the remainder of the page gets swallowed up by this followup:
Now we're in a table!
comment:2 by dkg-debian.org@…, 18 years ago
here's another example of an unclosed tag:
It's all bold and underlined and big and italic!comment:3 by Christian Boos, 18 years ago
The idea is that if you need to go down to the HTML level, you should also be able to do it "cleanly"…
I'm not sure it makes sense to implement some kind of HTML parser here, as you can Preview the effect of your macro and correct it, if needed.
Sure, #454 would help here too, when you forgot to preview…