Menu

#1067 Template editing improperly escapes brackets

1.4
closed-fixed
Chris Travers
None
5
2014-02-17
2014-02-13
John Locke
No

In system -> LaTex Templates -> Invoice (as well as the HTML versions), after clicking the Edit button, you can edit templates. However, <>& characters are all escaped with HTML entities.

When attempting to save to see if they got double-escaped, I got a permission denied.

Discussion

  • Chris Travers

    Chris Travers - 2014-02-13

    This is a dojo issue. Apparently the textarea widget escapes these. Without Dojo/JS everything works. Ideas? Should I just blacklist this textarea?

     

  • John Locke

    John Locke - 2014-02-13

    Hmm, I'm not seeing any quick fixes here -- I wonder if dijit/Editor might handle this better, using divs instead of textarea...

     

  • Chris Travers

    Chris Travers - 2014-02-15

    For now I think until we get something working using the divs and Editor I will blacklist the widget by adding an Editor class that gets ignored for purposes of instantiation. that way it can fall back to a basic textarea.

     

  • Chris Travers

    Chris Travers - 2014-02-15

    I will say that I de-escape them on re-entry because of the obvious issues, but that might not be desirable if we solve the escaping issue.

     

  • Chris Travers

    Chris Travers - 2014-02-17
    • status: open --> closed-fixed
    • assigned_to: Chris Travers
     

  • Chris Travers

    Chris Travers - 2014-02-17

    svn 6864

     
MongoDB Logo MongoDB