#979 closed defect (fixed)
HTML "script" in ticket descriptions causes problems
| Reported by: | Juanma Barranquero | Owned by: | Christopher Lenz |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.8.1 |
| Component: | wiki system | Version: | 0.8 |
| Severity: | minor | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
Theoretically, HTML tags are escaped outside #!html blocks, but putting <script> alone in descriptions seems to wreak some havoc.
Attachments (0)
Change History (7)
comment:1 by , 20 years ago
comment:2 by , 20 years ago
| Version: | devel → 0.8 |
|---|
I can only reproduce this on Firefox (probably other mozilla-based browsers as well). IE6/Win and Safari do the right thing here.
Looking at the HTML generated, the script tag is getting escaped.
comment:3 by , 20 years ago
Not exactly; on previews, the script tag is quoted on the "Comment preview" textarea, but not in the "Comment" one.
IE/Win must be assuming that the script tag ends upon finding {{{
comment:4 by , 20 years ago
[sorry for the unfinished comment]
…upong finding the closing textarea tag, while Firefox does not, so it seems like both a Firefox and a Trac bug.
comment:5 by , 20 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:6 by , 20 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed in [1095]. Should also be ported to the stable branch, but I'm lacking the necessary karma.
comment:7 by , 20 years ago
| Milestone: | → 0.8.1 |
|---|
The easier way to see the problem is putting a script tag in a comment and clickin on "preview".