[Rt-devel] the /CLASS modifier in ParseFormat
Jesse Vincent
jesse at bestpractical.com
Tue Aug 21 13:40:25 EDT 2007
On Aug 21, 2007, at 9:55 AM, Nicholas Clark wrote:
> On Mon, Aug 20, 2007 at 09:22:37PM +0100, Nicholas Clark wrote:
>> On Tue, Aug 21, 2007 at 12:18:47AM +0400, Ruslan Zakirov wrote:
>>> as well it may be better to join classes instead of replacing.
>>
>>>> On Aug 20, 2007, at 11:55 AM, Nicholas Clark wrote:
>>
>>>>> - $m->out('<td class="collection-as-table" ');
>>>>> + my $class = $column->{class} || 'collection-as-table';
>>>>> + $m->out(qq{<td class="$class" });
>>
>> I wasn't sure about that. I initially had the code appending to the class,
>> but it occurred to me that then there wasn't a way to take out
>> 'collection-as-table' if you wanted to do that. Whereas this way, you can
>> add it in if you also need it.
>
> Done (my way for now) as revision 8669. Please change it if necessary.
>
> I attempted to make a patch to counter potential XSS problems with /ALIGN
> and /STYLE, but couldn't manage to be sure that it was working so didn't
> commit it. (Couldn't actually craft a query string that would parse correctly,
> and I am under severe time pressure, so I can't stop to resolve this. Sorry)
>
> I've appended the patch - I think that it is correct, but I can't prove it.
>
+1. Go for it.
> Nicholas Clark
>
> Index: html/Elements/CollectionAsTable/Row
> ===================================================================
> --- html/Elements/CollectionAsTable/Row (revision 8669)
> +++ html/Elements/CollectionAsTable/Row (working copy)
> @@ -75,8 +75,12 @@
> my $class = $column->{class}
> ? encode_entities($column->{class}, q{'"&<>}) : 'collection-as-
> table';
> $m->out(qq{<td class="$class" });
> - $m->out( 'align="' . $column->{align} . '"' ) if ( $column->
> {align} );
> - $m->out( 'style="' . $column->{style} . '"' ) if ( $column->
> {style} );
> + if ( $column->{align} ) {
> + $m->out( 'align="' . encode_entities( $column->{align}, q
> {'"&<>} ) . '"' ) ;
> + }
> + if ( $column->{style} ) {
> + $m->out( 'style="' . encode_entities( $column->{style}, q
> {'"&<>} ) . '"' ) ;
> + }
> $m->out('>');
> foreach my $subcol ( @{ $column->{output} } ) {
> if ( $subcol =~ /^__(.*?)__$/o ) {
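Review bot: In the added `style` branch, `encode_entities( $column->{style}, q{'"&<>} )` keeps the value from closing the attribute, but whatever the format supplies is still emitted as CSS, so entity encoding alone does not constrain what the style declaration does. A tighter change would validate `$column->{style}` against an allowlist of expected declarations, and for `align` accept only a small fixed set of keywords (such as left, right, center) instead of encoding arbitrary text. Separately, the `align` and `style` strings carry no whitespace between them, so when both are set the output is `align="..."style="..."`; a leading space in `'style="'` would fix that. Since the message says the patch could not be exercised, a test that renders a row with quote and angle-bracket characters in both values and checks the emitted `<td>` would settle whether it works.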
> _______________________________________________
> List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/
> rt-devel
>