Issue 36 in rave-in-context: Description shows escaped HTML in group browser

1 view
Skip to first unread message

rave-in-context....@codespot.com

unread,
Nov 7, 2011, 6:41:58 PM11/7/11
to raveinco...@googlegroups.com
Status: Accepted
Owner: sander.v...@gmail.com
Labels: Type-Defect Priority-Medium

New issue 36 by sander.v...@gmail.com: Description shows escaped HTML in
group browser
http://code.google.com/a/apache-extras.org/p/rave-in-context/issues/detail?id=36

The item detail of the group browser widget contains escaped HTML tags if
there are HTML tags in the description.

For example:

{{{
<group uri="http://www.myexperiment.org/group.xml?id=5"
resource="http://www.myexperiment.org/groups/5">
<id>5</id>
<description>Introduction&#xD;
============&#xD;
&#xD;
So, this is a Social Network site. I'm just experimenting in an attempt to
understand why I shuld use this and not something else.&#xD;
&#xD;
Questions to answer&#xD;
-------------------&#xD;
&#xD;

&lt;ol&gt;
&lt;li value="1"&gt;The first obvious difference is the use of OpenID to
log in, good. I wonder if this will allow us to itegrate with other OpenID
apps.&#xD;&lt;/li&gt;
&lt;li value="1"&gt;Where's the

....
</description>
...
</group>
}}}


rave-in-context....@codespot.com

unread,
Nov 7, 2011, 6:47:05 PM11/7/11
to raveinco...@googlegroups.com
Updates:
Status: Fixed

Comment #1 on issue 36 by sander.v...@gmail.com: Description shows escaped

HTML in group browser
http://code.google.com/a/apache-extras.org/p/rave-in-context/issues/detail?id=36

Suggested solution is to add disable-output-escaping="true" to the xsl
value-of select of the description tag.

However, because the description is truncated to the first 255 characters
that could mean that invalid HTML is being generated which leads to an
error message on Google Chrome. The patch attached disables output escaping
and just displays the full description field without truncating. I'm sure
with CSS the content really displayed can be limited but I'm not proficient
enough with CSS to do that.
Of course, if the description field contains invalid escaped HTML it will
still show an error message.

I'm assuming the same problem occurs in different templates but I won't
submit a patch for all of these until I'm sure this is an acceptable
solution.

Attachments:
descriptionOutputEscaping.patch 573 bytes

Reply all
Reply to author
Forward
0 new messages