google-code-export / django-page-cms

Automatically exported from code.google.com/p/django-page-cms
BSD 3-Clause "New" or "Revised" License

Cannot use & character in page title #156

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Try to use & in title

What is the expected output? What do you see instead?
I can use the & character and it will save it as such and display properly
rendered to HTML using the tags.

It will change it into parsed HTML & If rendered by the tags it will
render it as such (e.g. &).

What version of the product are you using? On what operating system?

SVN with Django 1.1

Please provide any additional information below.

Strangely enough this does not happen on the demo site but not sure if that
is running against 1.1

Original issue reported on code.google.com by jacques....@gmail.com on 24 Aug 2009 at 6:31

GoogleCodeExporter commented 9 years ago
Looks like a double weird escaping issue. You are right the demo site is rather
old and is certainly not running Django 1.1

Original comment by batiste....@gmail.com on 24 Aug 2009 at 8:34

GoogleCodeExporter commented 9 years ago
I can't reproduce locally and I have Django 1.1

Original comment by batiste....@gmail.com on 25 Aug 2009 at 7:01

GoogleCodeExporter commented 9 years ago
Figured out how to reproduce this reliably:

in settings.py add:

PAGE_SANITIZE_USER_INPUT = False

Without it this does not happen.

Original comment by jacques....@gmail.com on 25 Aug 2009 at 1:49

GoogleCodeExporter commented 9 years ago
I put this in my template:

    {% show_content current_page "title" %}
    {{ current_page.title }}

And I got in output:

    hello & toto
    hello & toto

The show_content tag seems to not escape anything. Then I activated
PAGE_SANITIZE_USER_INPUT = True and saved the page again. And now I get:

    hello & toto
    hello & toto

Seems quite reasonable to me... If you don't want the double escaping, use the
show_content tag.

Original comment by batiste....@gmail.com on 26 Sep 2009 at 2:08

GoogleCodeExporter commented 9 years ago
That is not the issue, I know what the PAGE_SANITIZE_USER_INPUT is supposed to
do and in some cases that is what I would want. The problem comes from how this
is handled in the admin interface. For instance:

First Page Creation and Save: "hello & toto" typed -> "hello & toto" into database

Second Edit To Page (not touching title) and Save: "hello & toto" displayed ->
"hello & toto" into database.

Original comment by jacques....@gmail.com on 27 Sep 2009 at 10:00

GoogleCodeExporter commented 9 years ago

Original comment by batiste....@gmail.com on 27 Oct 2009 at 8:55

GoogleCodeExporter commented 9 years ago
The thing is that I cannot reproduce your bug. When I do what you describe I get

hello & hello

I have written a test that passes on my configuration:

http://code.google.com/p/django-page-cms/source/detail?r=750

If it doesn't pass on your configuration, we have something different. If it
passes, please modify it so it highlights the bug.

Original comment by batiste....@gmail.com on 28 Oct 2009 at 5:25

GoogleCodeExporter commented 9 years ago
Now I cannot reproduce the issue anymore. The test passes here too. I still
think it's confusing for people (that know nothing of HTML) using the admin
interface what & means once they type &, so it might be helpful if the HTML
escaping is converted in the UI when the page is displayed.

Original comment by jacques....@gmail.com on 6 Nov 2009 at 7:55
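
The re-save behaviour described in the comments above (an untouched title gaining another layer of escaping on each save) and the suggestion to convert the escaping back in the admin UI, modelled as an added example. This is not django-page-cms code: `sanitize_on_save`, `edit_cycle`, `resave` and `render_once` are hypothetical names, and the model assumes the sanitize setting HTML-escapes the submitted value on save.

```python
import html


def sanitize_on_save(value):
    """Hypothetical save hook: HTML-escapes whatever the form submits."""
    return html.escape(value, quote=True)


def edit_cycle(stored, unescape_for_form):
    """Simulate opening the admin form and saving without touching the field."""
    # The form field is pre-filled from the database value. If the stored
    # (already escaped) text is shown as-is, the editor sees "&amp;".
    form_value = html.unescape(stored) if unescape_for_form else stored
    # Nothing is edited; the same text is submitted and escaped again.
    return sanitize_on_save(form_value)


def resave(title, times, unescape_for_form):
    """Return the stored value after the first save and after each re-save."""
    history = [sanitize_on_save(title)]
    for _ in range(times):
        history.append(edit_cycle(history[-1], unescape_for_form))
    return history


def render_once(raw):
    """Alternative design: store raw text, escape exactly once at output."""
    return html.escape(raw, quote=True)


if __name__ == "__main__":
    title = "hello & toto"  # constructed sample input
    # Escaped value fed straight back into the form: one more layer per save.
    print(resave(title, 2, unescape_for_form=False))
    # Form shows the unescaped text: the stored value is stable across saves.
    print(resave(title, 2, unescape_for_form=True))
    # Raw storage with a single escape at render time.
    print(render_once(title))
```

Escaping once at the output boundary keeps the stored value and the editor's view identical, so a template that auto-escapes never sees pre-escaped text.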

GoogleCodeExporter commented 9 years ago

Original comment by batiste....@gmail.com on 13 Sep 2010 at 10:18