[Rt-commit] rt branch 5.0/format-strings-dont-need-html-structure-checked created. rt-5.0.2-258-gebd4c6b6ff

BPS Git Server git at git.bestpractical.com
Tue Jun 14 13:56:24 UTC 2022


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/format-strings-dont-need-html-structure-checked has been created
        at  ebd4c6b6ffb0163975788d9a9f87ab6dd510b6e4 (commit)

- Log -----------------------------------------------------------------
commit ebd4c6b6ffb0163975788d9a9f87ab6dd510b6e4
Author: Brian Conry <bconry at bestpractical.com>
Date:   Tue Jun 7 15:30:23 2022 -0500

    Exempt some format strings from HTML::Gumbo
    
    HTML::Gumbo undoes some of the escaping applied by EscapeHTML that is
    necessary for properly displaying apostrophes in column titles.
    
    This adds a flag to the scrubbing methods to skip the structure check in
    cases, such as format strings, where we do not ever expect to have that
    type of issue, and where side-effects of doing that check cause
    problems.

diff --git a/lib/RT/Interface/Web/Scrubber.pm b/lib/RT/Interface/Web/Scrubber.pm
index f44f7784eb..42e2e453c1 100644
--- a/lib/RT/Interface/Web/Scrubber.pm
+++ b/lib/RT/Interface/Web/Scrubber.pm
@@ -221,10 +221,20 @@ L<HTML::Scrubber/scrub>.
 sub scrub {
     my $self = shift;
     my $Content = shift // '';
-
-    # First pass through HTML::Gumbo to balance the tags
-    eval { $Content = $self->gumbo->parse( $Content ); chomp $Content };
-    warn "HTML::Gumbo pre-parse failed: $@" if $@;
+    my $skip_structure_check = shift // 0;
+
+    # Some strings come from trusted sources so that we can be sure that they
+    # don't contain the types of tags that need to be checked for being
+    # balanced.  Further, some of these strings (specifically format strings
+    # for table output) may contain "unnecessary" HTML entities, such as ',
+    # that need to remain as-is for other reasons, but HTML::Gumbo converts
+    # them to their "normal" form, such as '.  This can cause display errors,
+    # so we have an option to skip the check with HTML::Gumbo.
+    unless ( $skip_structure_check ) {
+        # First pass through HTML::Gumbo to balance the tags
+        eval { $Content = $self->gumbo->parse( $Content ); chomp $Content };
+        warn "HTML::Gumbo pre-parse failed: $@" if $@;
+    }
 
     return $self->SUPER::scrub($Content);
 }
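Review bot: In `scrub`, the new positional `$skip_structure_check` disables the HTML::Gumbo tag-balancing pass for any caller that passes a true value, and the only justification is the comment's statement that such strings "come from trusted sources", which nothing in the method enforces. With the flag set, `SUPER::scrub` receives the content exactly as the caller supplied it, unbalanced tags included. Document the parameter in the POD that ends just above this sub, stating that it is only for markup the caller controls, and consider a named option instead of a bare second positional boolean so call sites read unambiguously. The comment's example also shows the same character for both the entity and its "normal" form as rendered here; spell the entity out so a reader can tell what HTML::Gumbo changes.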
diff --git a/share/html/Elements/CollectionList b/share/html/Elements/CollectionList
index 95410282df..43eccb001c 100644
--- a/share/html/Elements/CollectionList
+++ b/share/html/Elements/CollectionList
@@ -104,8 +104,8 @@ $Collection->GotoPage( $Page - 1 ); # SB uses page 0 as the first page
 $DisplayFormat ||= $Format;
 
 # Scrub the html of the format string to remove any potential nasties.
-$Format = $m->comp('/Elements/ScrubHTML', Content => $Format);
-$DisplayFormat = $m->comp('/Elements/ScrubHTML', Content => $DisplayFormat);
+$Format = $m->comp('/Elements/ScrubHTML', Content => $Format, SkipStructureCheck => 1);
+$DisplayFormat = $m->comp('/Elements/ScrubHTML', Content => $DisplayFormat, SkipStructureCheck => 1);
 
 my @Format = $m->comp('/Elements/CollectionAsTable/ParseFormat', Format => $DisplayFormat);
 
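Review bot: Both `/Elements/ScrubHTML` calls now pass `SkipStructureCheck => 1` unconditionally, while the comment directly above still says the scrub is there "to remove any potential nasties", so the call site treats the format string as untrusted and trusted at once. Update that comment to say which part of the scrub still runs and why tag balancing is safe to skip for `$Format` and `$DisplayFormat`; the hunk does not show where those values originate, so the basis for the trust assumption should be stated here. A regression test covering a column title with an apostrophe and a format string with an unclosed tag would pin down both the fix and the behaviour being relaxed.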
diff --git a/share/html/Elements/ScrubHTML b/share/html/Elements/ScrubHTML
index 119adc5f74..996166a0e5 100644
--- a/share/html/Elements/ScrubHTML
+++ b/share/html/Elements/ScrubHTML
@@ -46,8 +46,9 @@
 %#
 %# END BPS TAGGED BLOCK }}}
 <%init>
-return ScrubHTML($Content);
+return ScrubHTML($Content, $SkipStructureCheck);
 </%init>
 <%args>
 $Content => undef
+$SkipStructureCheck => undef
 </%args>
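Review bot: `return ScrubHTML($Content, $SkipStructureCheck);` relies on the `ScrubHTML` function forwarding its second argument to `scrub`, and that function is not touched anywhere in this patch; if it passes only the content through, the flag is silently dropped and the apostrophe problem remains. Confirm the forwarding (or add it in this commit), and consider declaring the default as `$SkipStructureCheck => 0` in `<%args>` so the component itself documents that the structure check stays on unless a caller opts out.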

-----------------------------------------------------------------------


hooks/post-receive
-- 
rt

