[geeklog-devel] 1.8.1
Dirk Haun
dirk at haun-online.de
Tue Jul 19 15:15:49 EDT 2011
>> Dirk did you get to that bug? I see that you have been busy checking stuff
>> in.
>
> I haven't tried to understand the original issue yet. Maybe over the weekend ...
Okay, only 4 weekends later ... This is about bug #1368 again, see http://project.geeklog.net/tracking/view.php?id=1368
In the current state, not only is the [code] tag broken, but we're also leaving a couple of special characters unescaped, e.g. curly braces (which could lead to things being interpreted as template variables) and ampersands.
I think what we should be doing is to revert things to how they were in 1.7.2. This will then break JavaScript embedded in stories again, but I think the alternative of accidentally executing JavaScript that you thought was safe inside a [code] tag is far worse.
Tom's idea of treating things inside and outside of [code] differently doesn't seem to cover all use cases (see curly braces). I guess we'll probably have to introduce another tag that says "leave this alone, I know what I'm doing" eventually. For example, a [script] tag.
My plan would be to revert to the pre-1.8.0 state in 1.8.1 (effectively, remove the 2 calls to COM_undoSpecialChars), and address the JavaScript issue later.
Comments?
bye, Dirk
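
The failure mode discussed in the message above, as an added illustration (not Geeklog's code and not part of the original post): text inside [code] is escaped for HTML and for curly-brace template syntax, and a later "undo" pass turns it back into live markup. The function names, the `{variable}` template convention and the sample story are assumptions; `undo_special_chars()` is a generic stand-in, not the real COM_undoSpecialChars.

```php
<?php
// Added illustration; hypothetical helper names, not Geeklog functions.

/** Make text inert both as HTML and as input to a {variable}-style template engine. */
function escape_code_body(string $raw): string
{
    // Encodes & < > " ' as entities (the ampersand is handled here as well).
    $out = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // Braces are not HTML-special, so encode them separately to keep a
    // template parser from treating {name} as a variable.
    return str_replace(['{', '}'], ['&#123;', '&#125;'], $out);
}

/** Replace each [code]...[/code] span with an escaped <pre><code> block. */
function render_code_tags(string $story): string
{
    $html = preg_replace_callback(
        '~\[code\](.*?)\[/code\]~is',
        static function (array $m): string {
            return '<pre><code>' . escape_code_body($m[1]) . '</code></pre>';
        },
        $story
    );
    // preg_replace_callback() returns null on a regex error: fail closed
    // by escaping the whole story instead of emitting it raw.
    return $html ?? escape_code_body($story);
}

/** Stand-in for an "undo" step applied after escaping (assumed behaviour). */
function undo_special_chars(string $s): string
{
    $s = str_replace(['&#123;', '&#125;'], ['{', '}'], $s);
    return htmlspecialchars_decode($s, ENT_QUOTES);
}

// Constructed sample story body.
$story = 'Example: [code]<script>alert(1)</script> {site_url} a && b[/code]';

$escaped = render_code_tags($story);
$undone  = undo_special_chars($escaped);

echo "escaped: ", $escaped, PHP_EOL;
echo "undone:  ", $undone, PHP_EOL;

// Checks a reviewer would want: no live tag or brace survives escaping,
// and both come back once the undo pass has run.
var_dump(strpos($escaped, '<script>') === false && strpos($escaped, '{') === false);
var_dump(strpos($undone, '<script>') !== false && strpos($undone, '{site_url}') !== false);
```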