Hi
Dne Wed, 23 Oct 2013 09:28:12 +0200
Piotr Przybylski <piotr.prz(a)gmail.com> napsal(a):
2013/10/23 Michal Čihař <michal(a)cihar.com>
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400
Isaac Bennetch <bennetch(a)gmail.com> napsal(a):
In the user description field of the error
reporting server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we
would have to do some sanity checking on it while displaying...
I don't think users should be allowed to any HTML in bug reports. It will
be much simpler then:
I agree to that. I just wanted to mention that in case we would do
processing on the client side, it would make it harder later.
1. Unescape all escape sequences before storing them
on our server, eg. \n
-> newline
I haven't checked the code, but I doubt user has entered \n, I think
there is rather some escaping done which converted newlines into \n.
2. Use nl2br before displaying, or wrap text with HTML
block element with:
white-space: -moz-pre-wrap; /* Firefox */
white-space: -o-pre-wrap; /* Opera */
white-space: pre-wrap; /* Chrome; W3C standard */
word-wrap: break-word; /* IE */
It may require some tweaking, but it's doable in CSS.
Using nl2br is probably easier.
--
Michal Čihař |
http://cihar.com |
http://phpmyadmin.net