noosfero | raw-html-article: escape body before rendering on edit (#557)
Larissa Reis
gitlab at gitlab.com
Thu May 28 11:54:31 BRT 2015
New comment for Merge Request 557
https://gitlab.com/noosfero/noosfero/merge_requests/557#note_1296747
Larissa Reis
`#html_safe?` back hunting us :(
This fix is too specific IMO. This problem is not exclusive to raw html articles. Any type of article that directly uses a text area (instead of tinymce, like textile articles; tasks related to articles, like the spread functionality, etc) will generate a malformed html if the user tries to edit an article that contains a text area tag. Could you make a more generic fix? Or maybe we should probably just escape unwanted html tags before saving to the db.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listas.softwarelivre.org/pipermail/noosfero-dev/attachments/20150528/288fd3b4/attachment.html>
More information about the Noosfero-dev
mailing list