[rt-users] Bug? TSV data includes HTML br tags
Kevin Falcone
falcone at bestpractical.com
Fri Feb 10 10:34:56 EST 2012
On Thu, Feb 09, 2012 at 05:58:36PM -0500, Kevin Falcone wrote:
> On Thu, Feb 09, 2012 at 01:36:22PM -0500, Jeff Blaine wrote:
> > Actually, this is maybe a bug in Mason? If I follow
> > the code chain:
> >
> > push @row, ProcessColumnMapValue ($attr,
> > Arguments => [ $Ticket, 0 ], Escape => 1);
> >
> > ProcessColumnMapValue() is defined in lib/RT/Interface/Web.pm:
> >
> > ...
> > return $m->interp->apply_escapes( $value, 'h' ) if $args{'Escape'};
> > ...
> >
> > So it appears apply_escapes() is leaving behind '<br/>' tags?
> >
> > Has anyone else seen this?
>
> apply_escapes just calls a filter on output. You can use built-in
> mason filters or custom ones. RT happens to hook the h one to call
> the EscapeUTF8 function in Web.pm, and you can look at what kind of
> transform it does.
>
> ProcessColumnMapValue is the method that's used in outputting row data
> in ticket listings too, so you can get a sense of where else that code
> is run.
I forgot to mention that you'll want to look carefully at the data
returned. Some CF data is returned flagged "don't escape me" by being
a reference, so something you expect to be escaped may be protected
from escaping.
-kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120210/eb7a1e04/attachment.sig>
More information about the rt-users
mailing list