Menu
▾
▴
#263 Rendering HTML Descriptions on Hover
This is in regard to event descriptions that contain rich text (HTML). When I click on the event title, the HTML renders fine in the pop-up. However, if I hover over the event, the floating window just displays HTML code. How can this be fixed?
1) What version of PHP iCalendar are you using? 2.31
2) Did you try to run PHP iCalendar before making any changes to the config? YES
3) Where is your PHP iCalendar installation? http://niskypto.info/phpicalendar
4) What software are you using to generate your calendar? ZOHO Creator provides the ical feed. See here http://help.creator.zoho.com/iCal-Feed.html
5) What version of PHP are you using? At Dreamhost, php5
This can be fixed, but the current development version of phpicalendar intentionally strips all HTML tags when displaying event descriptions. This is a measure to decrease the chance of XSS injection vulnerabilities. (A security risk.)
A "proper" fix would be using a whitelist for allowed HTML tags and attributes. This would strip any "dangerous" content, while allowing some limited HTML capabilities. We already have a solution in place for using HTML within the title/hover/tooltip box, thanks to [the highly modified] Nice Titles: http://www.kryogenix.org/code/browser/nicetitle/