2013/10/23 Michal Èihaø <michal@cihar.com>

Hi

Dne Tue, 22 Oct 2013 20:48:14 -0400
Isaac Bennetch <bennetch@gmail.com> napsal(a):

> In the user description field of the error reporting server, new lines
> are represented as \n rather than <br> or some other HTML-friendly
> means. This is easy to fix, however I'm not sure where best to fix it.
>
> Do we convert the raw input before submission (line 58 of
> libraries/error_report.lib.php or on display (line 88 of
> app/View/Incidents/view.ctp)? I think it's best to do it on submission,
> but wanted to double-check first.

Doing this on submission time would bring HTML into the server and we
would have to do some sanity checking on it while displaying...

I don't think users should be allowed to any HTML in bug reports. It will be much simpler then:

1. Unescape all escape sequences before storing them on our server, eg. \n -> newline

2. Use nl2br before displaying, or wrap text with HTML block element with:
    white-space: -moz-pre-wrap; /* Firefox */
    white-space: -o-pre-wrap; /* Opera */
    white-space: pre-wrap; /* Chrome; W3C standard */
    word-wrap: break-word; /* IE */

It may require some tweaking, but it's doable in CSS.

--

Regards,

Piotr Przybylski