#100
  • Created on
    2010-02-01 10:54
  • Reported by
    nick_ramsay
  • Status
    Fixed
  • Priority
    Low (4)
  • Assigned to
    nick_ramsay
  • Milestone
    RC1
  • Plan Level
    -
  • Due Date
    -

Attachments

Related Tickets

Add new subtask or bug

htmLawed followed by sanitize is stripping STRIKE

htmLawed followed by sanitize is stripping STRIKE:

Take for example the comment form. By default, we allow the "strike" tag. htmLawed also allows the strike tag, but it converts it to a span with style and an underscore property. Therefore, strike is no longer in the string when passed to sanitize. To fix this, I'd like to rework the sanitize function to include a 3rd option that doesn't strip tags. I'd also like to change the parameter from a non-descriptive numeric to something that understandable like "no_ents" (for no htmlentities), "no_tags" and no parameter needed if you want both. I think this will make the code clearer and more flexible, but it's a pretty big task and will have to wait a while.

Technically, we shouldn't need to run sanitize after htmLawed, but configuring htmLawed looks like quite a science which I'd rather not spend time on. Sanitize is nice because it's easy to see what it does from the function.
User picture
  on 2010-02-02 12:23 *
By nick_ramsay
Status changed from New to Test
The simple solution was to change STRIKE with DEL since the first is deprecated. I've changed sanitize (must update the docs!). Please test these changes because they affect over 30 files.
User picture
  on 2010-03-07 08:32 *
By nick_ramsay
Status changed from Test to Fixed
Updating tickets (#83, #92, #95, #97, #123, #80, #84, #86, #87, #93, #102, #103, #107, #109, #112, #115, #116, #117, #69, #79, #85, #89, #90, #94, #108, #111, #118, #119, #122, #73, #100, #101)