glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0

[GLPI 10.0.0-rc2] HTML source rendering in ITIL objects #10891

Closed VladoTTX closed 2 years ago

VladoTTX commented 2 years ago

Version

10.0.0-rc2

Bug description

Noticed this with forms, but I assume this is a more general problem with rendering of HTML from content fields, so I would rather submit the issue to the project.

If the source code of "content", for example in tickets or follow-ups, contains both types of HTML escaping, like &lt; &gt; and &#60; and &#62;, the result is that the content is rendered fully escaped. Example one with the combination:

<div><h1>Form data</h1><h2>TEST SECTION</h2><div><b>1) Description : </b><p>TEST</p></div><div><b>2) Attachment : </b>No attached document</div><div><b>3) TEST1 : </b>3</div><div><b>4) TEST2 : </b>3181</div></div>

Example 2 with just < and >

<div><h1>Form data</h1><h2>TEST SECTION</h2><div><b>1) Description : </b><p>TEST</p></div><div><b>2) Attachment : </b>No attached document</div><div><b>3) TEST1 : </b>3</div><div><b>4) TEST2 : </b>3181</div></div>

Relevant log output

No response

Page URL

No response

Steps To reproduce

No response

Your GLPI setup information

GLPI 10.0.0-rc2 with Formcreator 2.12.2

Anything else?

Looks like different escaping is used for the fields themselves in input and for the whole content, which causes these double types. I am not sure why it should be a problem to combine both types of escaping.

cedric-anne commented 2 years ago

@btry

I think the issue has to be fixed on the Formcreator side.

cedric-anne commented 2 years ago

@VladoTTX

Could you try with Formcreator v2.13.0-alpha.3?

btry commented 2 years ago

Hi

I had a similar report with Formcreator + GLPI 9.5. HTML tags appear when an answer to a textarea question contains < br / >. @VladoTTX: This report should be created in Formcreator.

VladoTTX commented 2 years ago

@btry from what I have seen, the problem is with Formcreator generating both types of escaping. It is not related only to <br/>. This happens in case a Text Area is used, with both &lt; &gt; and &#60; and &#62;

I've also tried with 2.13.0-alpha3 and the issue is still present. I'll open an issue on Formcreator, but to me it looks like a generic issue.

@trasher is this expected behavior of HTML content in GLPI now? Does it need to contain just one type of escaping of HTML brackets?

btry commented 2 years ago

With GLPI 10, escaping of HTML tags changed. This is a game-changing point for the plugin. Many changes were made after the Alpha.3 release, so I suggest you test the latest revision of the branch support/2.13.0. Please mention the URL of this issue in the new one you will create on the Formcreator repo.
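
An added example, not part of the thread and not GLPI or Formcreator code: a check for the condition the reporter describes, content whose angle brackets are escaped in more than one style (named `&lt;`/`&gt;` alongside numeric `&#60;`/`&#62;`), plus a rewrite of every such entity to the named form so stored content can be compared. The function names and the sample string are constructed for illustration.

```python
import re

# Every entity spelling of "<" and ">": named (&lt;), decimal (&#60;),
# hexadecimal (&#x3c;). Numeric forms may carry leading zeros.
_BRACKET_ENTITY = re.compile(
    r"&(?:(?P<named>lt|gt)|#(?P<dec>0*6[02])|#[xX](?P<hex>0*3[cCeE]));"
)


def _classify(match):
    """Return (style, character) for one matched bracket entity."""
    if match.group("named"):
        return "named", "<" if match.group("named") == "lt" else ">"
    if match.group("dec"):
        return "decimal", chr(int(match.group("dec")))
    return "hex", chr(int(match.group("hex"), 16))


def bracket_escape_styles(content):
    """Count how often each escaping style is used for angle brackets."""
    counts = {}
    for match in _BRACKET_ENTITY.finditer(content):
        style, _ = _classify(match)
        counts[style] = counts.get(style, 0) + 1
    return counts


def has_mixed_bracket_escaping(content):
    """True when more than one escaping style appears in the same content."""
    return len(bracket_escape_styles(content)) > 1


def normalise_bracket_escaping(content):
    """Rewrite every escaped angle bracket to the named form.

    Double-escaped text such as "&amp;lt;" is left untouched, because the
    entity there is "&amp;", not a bracket.
    """
    def to_named(match):
        _, char = _classify(match)
        return "&lt;" if char == "<" else "&gt;"
    return _BRACKET_ENTITY.sub(to_named, content)


# Constructed sample: wrapper markup escaped with named entities, one field
# value escaped with decimal entities (an assumption about how the mix arises).
SAMPLE = ("&lt;div&gt;&lt;b&gt;1) Description : &lt;/b&gt;"
          "&#60;p&#62;TEST&#60;/p&#62;&lt;/div&gt;")

if __name__ == "__main__":
    print(bracket_escape_styles(SAMPLE), has_mixed_bracket_escaping(SAMPLE))
    print(normalise_bracket_escaping(SAMPLE))
```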