In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
On 10/22/13 8:48 PM, Isaac Bennetch wrote:
In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
For example, see http://reports.phpmyadmin.net/incidents/view/62
2013/10/23 Isaac Bennetch bennetch@gmail.com
On 10/22/13 8:48 PM, Isaac Bennetch wrote:
In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
For example, see http://reports.phpmyadmin.net/incidents/view/62
Just a thought (I haven't looked at the code): if user's description is just a plain text it would be better to just pass it through nl2br just before displaying, after making sure that we convert all "\n" escape sequences to proper newlines before text is saved to our database.
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400 Isaac Bennetch bennetch@gmail.com napsal(a):
In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we would have to do some sanity checking on it while displaying...
2013/10/23 Michal Čihař michal@cihar.com
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400 Isaac Bennetch bennetch@gmail.com napsal(a):
In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we would have to do some sanity checking on it while displaying...
I don't think users should be allowed to any HTML in bug reports. It will be much simpler then: 1. Unescape all escape sequences before storing them on our server, eg. \n -> newline 2. Use nl2br before displaying, or wrap text with HTML block element with: white-space: -moz-pre-wrap; /* Firefox */ white-space: -o-pre-wrap; /* Opera */ white-space: pre-wrap; /* Chrome; W3C standard */ word-wrap: break-word; /* IE */ It may require some tweaking, but it's doable in CSS.
Hi
Dne Wed, 23 Oct 2013 09:28:12 +0200 Piotr Przybylski piotr.prz@gmail.com napsal(a):
2013/10/23 Michal Čihař michal@cihar.com
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400 Isaac Bennetch bennetch@gmail.com napsal(a):
In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we would have to do some sanity checking on it while displaying...
I don't think users should be allowed to any HTML in bug reports. It will be much simpler then:
I agree to that. I just wanted to mention that in case we would do processing on the client side, it would make it harder later.
- Unescape all escape sequences before storing them on our server, eg. \n
-> newline
I haven't checked the code, but I doubt user has entered \n, I think there is rather some escaping done which converted newlines into \n.
- Use nl2br before displaying, or wrap text with HTML block element with: white-space: -moz-pre-wrap; /* Firefox */ white-space: -o-pre-wrap; /* Opera */ white-space: pre-wrap; /* Chrome; W3C standard */ word-wrap: break-word; /* IE */
It may require some tweaking, but it's doable in CSS.
Using nl2br is probably easier.
On 10/23/13 5:18 AM, Michal Čihař wrote:
Hi
Dne Wed, 23 Oct 2013 09:28:12 +0200 Piotr Przybylski piotr.prz@gmail.com napsal(a):
2013/10/23 Michal Čihař michal@cihar.com
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400 Isaac Bennetch bennetch@gmail.com napsal(a):
In the user description field of the error reporting server, new lines are represented as \n rather than <br> or some other HTML-friendly means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of libraries/error_report.lib.php or on display (line 88 of app/View/Incidents/view.ctp)? I think it's best to do it on submission, but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we would have to do some sanity checking on it while displaying...
I don't think users should be allowed to any HTML in bug reports. It will be much simpler then:
I agree to that. I just wanted to mention that in case we would do processing on the client side, it would make it harder later.
- Unescape all escape sequences before storing them on our server, eg. \n
-> newline
I haven't checked the code, but I doubt user has entered \n, I think there is rather some escaping done which converted newlines into \n.
- Use nl2br before displaying, or wrap text with HTML block element with: white-space: -moz-pre-wrap; /* Firefox */ white-space: -o-pre-wrap; /* Opera */ white-space: pre-wrap; /* Chrome; W3C standard */ word-wrap: break-word; /* IE */
It may require some tweaking, but it's doable in CSS.
Using nl2br is probably easier.
Thanks everyone for the comments. I wasn't able to test my patch, but it should be fixed by pull request at https://github.com/phpmyadmin/error-reporting-server/pull/21
-
Isaac Bennetch -
Michal Čihař -
Piotr Przybylski