I'm puzzled, a \0 effectively kills the textarea making very strange
things to the browser, where is this documented? What is happening? How
to prevent it?
[mailto:tikiwiki-devel-admin@...] On Behalf Of Diego
Sent: Tuesday, April 29, 2003 6:42 AM
Cc: Diego Zamboni
Subject: [Tikiwiki-devel] Backslashes cause errors in input boxes
I just submited this to the bugs database, but I think it's bad enough
(particularly the \0 case) to also comment on the list. BTW, how much
thought has been placed on secure programming while developing Tiki?
Have there been any known security problems?
1.6CVS, branch tauceti-bugfixes, updated 9AM CET, Apr 28, 2003.
Backslashes are not handled correctly in input boxes. For example:
- Entering backslash followed by a zero will be expanded to some HTML
tags, that will display incorrectly in the entry, and break the textarea
tag when the entry is edited. As a test, enter "\0 test" in a wiki page
and hit "Preview".
- Entering backslash followed by another digit will show only the number
in the displayed entry, and both the backslash and the number will
disappear from the text entry box when the entry is edited.
- Entering backslash followed by letters will show up as only the letter
in the displayed entry, but it will appear correctly in the edit box.
Since the backslash does not have any special meaning in Tiki markup, I
think it should be properly escaped when entering text, so that it
doesn't cause any strange problems. I wonder if it could have any
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Tikiwiki-devel mailing list