Jeff-Lewis / vosao

Automatically exported from code.google.com/p/vosao
GNU Lesser General Public License v2.1
0 stars 0 forks source link

Structured content is not escaped #520

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a structure with at least a text field
2. Create a page with that structure
3. Open the page content editor and enter a special character (one of: <, >, &) 
in the text field
4. Hit 'save and continue'
5. Refresh the page in the browser

What is the expected output? What do you see instead?

You would expect to see the field have same value (special character in this 
case) as entered. Instead, you will get an XML parse error and all fields are 
empty. All content entered in all fields is lost.

Apparently (my guess), this happens because the page is stored as an XML file, 
and, because the entered content is stored as-is rather than escaped, this 
results in invalid XML. As a result, the underlying XML file cannot be parsed.

Similarly, if you enter escaped content (for example, the text: "&amp;"), after 
saving and reloading the page, the content will be unescaped (for example, 
"&"). Saving and reloading again will cause the same problem as described above 
and you will lose all content of the page.

Original issue reported on code.google.com by wowt...@gmail.com on 4 Oct 2011 at 4:33

GoogleCodeExporter commented 9 years ago

Original comment by kinyelo@gmail.com on 14 Jan 2012 at 8:07

GoogleCodeExporter commented 9 years ago
This issue was closed by revision r1130.

Original comment by kinyelo@gmail.com on 14 Jan 2012 at 9:05