#979 closed defect (fixed)
HTML "script" in ticket descriptions causes problems
Reported by: | Juanma Barranquero | Owned by: | Christopher Lenz |
---|---|---|---|
Priority: | normal | Milestone: | 0.8.1 |
Component: | wiki system | Version: | 0.8 |
Severity: | minor | Keywords: | |
Cc: | | Branch: | |
Release Notes: | | | |
API Changes: | | | |
Internal Changes: | | | |
Description
Theoretically, HTML tags are escaped outside #!html blocks, but putting <script> alone in descriptions seems to wreak some havoc.
Change History (7)
comment:1 by , 20 years ago
comment:2 by , 20 years ago
Version: | devel → 0.8 |
---|
I can only reproduce this on Firefox (probably other mozilla-based browsers as well). IE6/Win and Safari do the right thing here.
Looking at the HTML generated, the script tag is getting escaped.
comment:3 by , 20 years ago
Not exactly; on previews, the script tag is quoted on the "Comment preview" textarea, but not in the "Comment" one.
IE/Win must be assuming that the script tag ends upon finding {{{
comment:4 by , 20 years ago
[sorry for the unfinished comment]
…upon finding the closing textarea tag, while Firefox does not, so it seems like both a Firefox and a Trac bug.
comment:5 by , 20 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:6 by , 20 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed in [1095]. Should also be ported to the stable branch, but I'm lacking the necessary karma.
comment:7 by , 20 years ago
Milestone: | → 0.8.1 |
---|
The easier way to see the problem is putting a script tag in a comment and clicking on "preview".
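The failure mode discussed in this ticket, as an added example that is not part of the ticket or of the Trac changeset: user text echoed into an editable textarea without escaping, next to the escaped form, with a check that flags the unescaped field. The form layout and the names render_form and unsafe_fields are hypothetical, and the sample comment is constructed.

```python
import html
import re

# Constructed sample input modelled on the ticket: a lone script tag in a comment.
SAMPLE_COMMENT = "putting <script> alone in a comment & previewing it"


def render_form(comment, escape_comment_field):
    """Render a hypothetical preview page with two textareas echoing the comment."""
    preview = html.escape(comment)  # the "Comment preview" field was already quoted
    # The editable "Comment" field is the one the ticket reports as unquoted.
    field = html.escape(comment) if escape_comment_field else comment
    return (
        '<form method="post">\n'
        f'<textarea name="preview" readonly>{preview}</textarea>\n'
        f'<textarea name="comment">{field}</textarea>\n'
        '<input type="submit" value="Submit">\n'
        '</form>\n'
    )


TEXTAREA_RE = re.compile(r'<textarea name="(\w+)"[^>]*>(.*?)</textarea>', re.S)


def unsafe_fields(page, comment):
    """Return names of textareas whose body is not a clean escaped copy of comment."""
    bad = []
    for name, body in TEXTAREA_RE.findall(page):
        # Escaped text never contains a literal '<' and must decode back to the input;
        # a body cut short by an injected closing tag fails the second condition.
        if "<" in body or html.unescape(body) != comment:
            bad.append(name)
    return bad


if __name__ == "__main__":
    for fixed in (False, True):
        page = render_form(SAMPLE_COMMENT, escape_comment_field=fixed)
        label = "escaped" if fixed else "raw"
        print(label, "->", unsafe_fields(page, SAMPLE_COMMENT))
```
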