[rt-users] Bug? TSV data includes HTML br tags

Kevin Falcone falcone at bestpractical.com
Fri Feb 10 10:34:56 EST 2012


On Thu, Feb 09, 2012 at 05:58:36PM -0500, Kevin Falcone wrote:
> On Thu, Feb 09, 2012 at 01:36:22PM -0500, Jeff Blaine wrote:
> > Actually, this is maybe a bug in Mason?  If I follow
> > the code chain:
> > 
> >     push @row, ProcessColumnMapValue ($attr,
> >                        Arguments => [ $Ticket, 0 ], Escape => 1);
> > 
> > ProcessColumnMapValue() is defined in lib/RT/Interface/Web.pm:
> > 
> >     ...
> >     return $m->interp->apply_escapes( $value, 'h' ) if $args{'Escape'};
> >     ...
> > 
> > So it appears apply_escapes() is leaving behind '<br/>' tags?
> > 
> > Has anyone else seen this?
> 
> apply_escapes just calls a filter on output.  You can use built-in
> mason filters or custom ones.  RT happens to hook the h one to call
> the EscapeUTF8 function in Web.pm, and you can look at what kind of
> transform it does.
> 
> ProcessColumnMapValue is the method that's used in outputting row data
> in ticket listings too, so you can get a sense of where else that code
> is run.

I forgot to mention that you'll want to look carefully at the data
returned.  Some CF data is returned flagged "don't escape me" by being
a reference, so something you expect to be escaped may be protected
from escaping.

-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120210/eb7a1e04/attachment.sig>


More information about the rt-users mailing list