[geeklog-devel] 1.8.1

Dirk Haun dirk at haun-online.de
Tue Jul 19 15:15:49 EDT 2011


>> Dirk did you get to that bug? I see that you have been busy checking stuff
>> in.
> 
> I haven't tried to understand the original issue yet. Maybe over the weekend ...

Okay, only 4 weekends later ... This is about bug #1368 again, see http://project.geeklog.net/tracking/view.php?id=1368

In the current state, not only is the [code] tag broken, but we're also leaving a couple of special characters unescaped, e.g. curly braces (which could lead to things being interpreted as template variables) and ampersands.

I think what we should be doing is to revert things to how they were in 1.7.2. This will then break JavaScript embedded in stories again, but I think the alternative of accidentally executing JavaScript that you thought was safe inside a [code] tag is far worse.

Tom's idea of treating things inside and outside of [code] differently doesn't seem to cover all use cases (see curly braces). I guess we'll probably have to introduce another tag that says "leave this alone, I know what I'm doing" eventually. For example, a [script] tag.

My plan would be to revert to the pre-1.8.0 state in 1.8.1 (effectively, remove the 2 calls to COM_undoSpecialChars), and address the JavaScript issue later.

Comments?

bye, Dirk
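
The failure mode described in this message (markup, ampersands and curly braces surviving unescaped inside a [code] tag), shown as an added example that is not part of the original post and is not Geeklog's code. The helper names `escape_code_body()` and `render_code_tags()` are hypothetical, the `{name}` template-variable syntax is an assumption, and the sample story text is constructed.

```php
<?php
// Added illustration, not Geeklog source. Function names are hypothetical.

/**
 * Escape the body of a [code] block so it is displayed, never interpreted.
 */
function escape_code_body(string $body): string
{
    // Escapes & < > " ' in one pass. An author who types "&lt;" gets
    // "&amp;lt;" in the output, so the browser shows "&lt;" literally.
    $out = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Curly braces are harmless to the browser, but a template engine that
    // post-processes the page could read {name} as a variable (assumed
    // syntax), so they are turned into numeric entities as well.
    return strtr($out, ['{' => '&#123;', '}' => '&#125;']);
}

/**
 * Replace each [code]...[/code] pair with an escaped <pre><code> block.
 * Text outside the tags is returned unchanged and still has to go through
 * the site's normal HTML filtering.
 */
function render_code_tags(string $text): string
{
    $result = preg_replace_callback(
        '#\[code\](.*?)\[/code\]#is',
        static function (array $m): string {
            return '<pre><code>' . escape_code_body($m[1]) . '</code></pre>';
        },
        $text
    );

    // Fail closed: if the regex engine errors out, escape everything
    // rather than emit the raw input.
    return $result ?? escape_code_body($text);
}

// Constructed sample: a script element, a template-style variable and
// ampersands, all inside one [code] block.
$story = 'Example: [code]<script>alert(1)</script> {site_url} a && b[/code]';

echo render_code_tags($story), PHP_EOL;
```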



