Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTML markup breaks with specific text #8

Open
cmrd-senya opened this issue Sep 10, 2018 · 1 comment · May be fixed by #9
Open

HTML markup breaks with specific text #8

cmrd-senya opened this issue Sep 10, 2018 · 1 comment · May be fixed by #9

Comments

@cmrd-senya
Copy link
Contributor

When you run Redmine with the redmine_wiki_extensions plugin, there is an issue when you post specific text to issue comments (journals) or issue descriptions.

When you type @<div class="some-class">@ in a input text field, save your changes and then reload the page you'll see broken HTML markup on the page, because the input text is interpreted as a part of the HTML code of the page.

2018-09-10 22-44-04

This doesn't happen in plain Redmine, where the text is rendered as it was entered and not embedded in the page HTML code.

Here is the same page, but with redmine_wiki_extensions removed:

2018-09-10 22-48-18
@cmrd-senya
Copy link
Contributor Author

Related to https://code.google.com/archive/p/redminewikiext/issues/4

This issue happens because of this line https://github.com/haru/redmine_wiki_extensions/blob/develop/init.rb#L93

The line explicitly allows posting <div> tags within any textile-formatted text. Commenting out this line makes this issue go, but it brings back the original issue.

cmrd-senya added a commit to cmrd-senya/redmine_wiki_extensions that referenced this issue Sep 11, 2018
@cmrd-senya
Use div macros for header/footer inclusion
2e4df44 
In this changeset I removed <div> from allowed tags as it makes it
possible to post arbitrary <div> tags in journals with @<div>@ markup.

It was originally put there to avoid issue with <p> tag wrapping of
included header/footer blocks by macros.

I found a workaround in current Textile parser which allows to disable
wrapping of macros. This can be done by adding "<code></code>" in the
beginning of the line. This way the rest of the line is rendered as is
without being put in a paragraph.

This behavior may change in RedCloth4, but Redmine is still not there so
we can use this workaround for a while, before Redmine comes up with an
appropriate way to disable paragraphs.

fixes haru#8
related https://code.google.com/archive/p/redminewikiext/issues/4
related https://redmine.org/issues/29588
related https://redmine.org/issues/13695
@cmrd-senya cmrd-senya linked a pull request Sep 11, 2018 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use div macros for header/footer inclusion cmrd-senya/redmine_wiki_extensions
1 participant
@cmrd-senya