23 Oct
2013
23 Oct
'13
3:48 a.m.
In the user description field of the error reporting server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
23 Oct
23 Oct
4 a.m.
On 10/22/13 8:48 PM, Isaac Bennetch wrote:
In the user description field of the error reporting
server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
For example, see http://reports.phpmyadmin.net/incidents/view/62
10:08 a.m.
2013/10/23 Isaac Bennetch <bennetch(a)gmail.com>
On 10/22/13 8:48 PM, Isaac Bennetch wrote:
Just a thought (I haven't looked at the code): if user's description is
just a plain text it would be better to just pass it through nl2br just
before displaying, after making sure that we convert all "\n" escape
sequences to proper newlines before text is saved to our database.
--
Regards,
Piotr Przybylski
In the user description field of the error
reporting server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
For example, see http://reports.phpmyadmin.net/incidents/view/62
10:17 a.m.
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400
Isaac Bennetch <bennetch(a)gmail.com> napsal(a):
In the user description field of the error reporting
server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we
would have to do some sanity checking on it while displaying...
--
Michal Čihař | http://cihar.com | http://phpmyadmin.net
10:28 a.m.
2013/10/23 Michal Čihař <michal(a)cihar.com>
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400
Isaac Bennetch <bennetch(a)gmail.com> napsal(a):
I don't think users should be allowed to any HTML in bug reports. It will
be much simpler then:
1. Unescape all escape sequences before storing them on our server, eg. \n
-> newline
2. Use nl2br before displaying, or wrap text with HTML block element with:
white-space: -moz-pre-wrap; /* Firefox */
white-space: -o-pre-wrap; /* Opera */
white-space: pre-wrap; /* Chrome; W3C standard */
word-wrap: break-word; /* IE */
It may require some tweaking, but it's doable in CSS.
--
Regards,
Piotr Przybylski
In the user description field of the error
reporting server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we
would have to do some sanity checking on it while displaying...
12:18 p.m.
Hi
Dne Wed, 23 Oct 2013 09:28:12 +0200
Piotr Przybylski <piotr.prz(a)gmail.com> napsal(a):
2013/10/23 Michal Čihař <michal(a)cihar.com>
I agree to that. I just wanted to mention that in case we would do
processing on the client side, it would make it harder later.
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400
Isaac Bennetch <bennetch(a)gmail.com> napsal(a):
I don't think users should be allowed to any HTML in bug reports. It will
be much simpler then: In the user description field of the error
reporting server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we
would have to do some sanity checking on it while displaying...
1. Unescape all escape sequences before storing them
on our server, eg. \n
-> newline
I haven't checked the code, but I doubt user has entered \n, I think
there is rather some escaping done which converted newlines into \n.
2. Use nl2br before displaying, or wrap text with HTML
block element with:
white-space: -moz-pre-wrap; /* Firefox */
white-space: -o-pre-wrap; /* Opera */
white-space: pre-wrap; /* Chrome; W3C standard */
word-wrap: break-word; /* IE */
It may require some tweaking, but it's doable in CSS.
Using nl2br is probably easier.
--
Michal Čihař | http://cihar.com | http://phpmyadmin.net
11:09 p.m.
On 10/23/13 5:18 AM, Michal Čihař wrote:
Hi
Dne Wed, 23 Oct 2013 09:28:12 +0200
Piotr Przybylski <piotr.prz(a)gmail.com> napsal(a):
Thanks everyone for the comments. I wasn't able to test my patch, but it
should be fixed by pull request at
https://github.com/phpmyadmin/error-reporting-server/pull/21
2013/10/23 Michal Čihař <michal(a)cihar.com>
I agree to that. I just wanted to mention that in case we would do
processing on the client side, it would make it harder later.
Hi
Dne Tue, 22 Oct 2013 20:48:14 -0400
Isaac Bennetch <bennetch(a)gmail.com> napsal(a):
I don't think users should be allowed to any HTML in bug reports. It will
be much simpler then: In the user description field of the error
reporting server, new lines
are represented as \n rather than <br> or some other HTML-friendly
means. This is easy to fix, however I'm not sure where best to fix it.
Do we convert the raw input before submission (line 58 of
libraries/error_report.lib.php or on display (line 88 of
app/View/Incidents/view.ctp)? I think it's best to do it on submission,
but wanted to double-check first.
Doing this on submission time would bring HTML into the server and we
would have to do some sanity checking on it while displaying...
1. Unescape all escape sequences before storing
them on our server, eg. \n
-> newline
I haven't checked the code, but I doubt user has entered \n, I think
there is rather some escaping done which converted newlines into \n.
2. Use nl2br before displaying, or wrap text with
HTML block element with:
white-space: -moz-pre-wrap; /* Firefox */
white-space: -o-pre-wrap; /* Opera */
white-space: pre-wrap; /* Chrome; W3C standard */
word-wrap: break-word; /* IE */
It may require some tweaking, but it's doable in CSS.
Using nl2br is probably easier.
3981
days inactive
3981
days old
6 comments
3 participants
participants (3)
-
Isaac Bennetch -
Michal Čihař -
Piotr Przybylski