Bug #2537
Tags stripped too eagerly
| Status: | Resolved | Start date: | 04/02/2012 | |
|---|---|---|---|---|
| Priority: | Regression | Due date: | ||
| Assignee: |  Rafał Malinowski |
% Done: | 100% |
|
| Category: | - | Spent time: | - | |
| Target version: | Kadu - 0.12.0 | |||
| Found in Git commit: | Steps to reproduce: | |||
| Fixed in Git commit: | bfd64bc1780684c0fc1f060010b3435d184f9228 | Additional information: | ||
| Junior job: | No |
Description
It seems that after the last security update related to HTML tags, Kadu is a bit too eager to strip them. What I mean by that is, supposing I paste some a HTML or XML code sample to someone, almost everything in angular brackets will be stripped before it is sent and won't reach the recipient as intended. What I would expect is for them to be escaped in the form of <tag_name> etc. and be displayed as the intended symbols.
History
Updated by Michał Ziąbkowski about 1 year ago
I meant & lt ; and & gt ; instead of the brace symbols of course.
Updated by Bartosz Brachaczek about 1 year ago
I cannot reproduce. Could you send some messages that are incorrectly stripped for you to beevvy@kadu.im (it's GTalk)?
Updated by Michał Ziąbkowski about 1 year ago
Actually, one correction - it seems the message is sent just fine. People on the other end say they got my HTML snippet. But the text doesn't display in my chat window. Curiously enough, this only seems to apply to my own messages. Does this change anything?
Updated by Bartosz Brachaczek about 1 year ago
- Priority changed from Normal to Regression
- Target version set to 0.12.0
I was indeed able to reproduce it with jabber, with gadu it works good. Fortunately it regressed only in 0.12, 0.11.1/2 are not affected. Thanks for reporting. :)
BTW, unit tests would really help here. We're lucky we have some good testers. ;)
Updated by Bartosz Brachaczek about 1 year ago
- Project changed from core to jabber
Updated by Rafał Malinowski about 1 year ago
- Status changed from New to In Progress
- Assignee set to Rafał Malinowski
Updated by Rafał Malinowski about 1 year ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
- Fixed in Git commit set to bfd64bc1780684c0fc1f060010b3435d184f9228