ietf-tools / datatracker

The day-to-day front-end to the IETF database for people who work on IETF standards.
https://datatracker.ietf.org
BSD 3-Clause "New" or "Revised" License

GroupEvent descriptions inconsistently apply HTML formatting #3471

Open ietf-svn-bot opened 2 years ago

ietf-svn-bot commented 2 years ago

type_defect | by jennifer@painless-security.com


The group event descriptions shown on the group's history tab frequently include "<b>" tags. These are sometimes interpreted to cause bold text and other times rendered literally as text. This differs row-by-row in the history.

E.g., from https://datatracker.ietf.org/group/nomcom2021/history/:

          <td class="text-nowrap">2021-07-19</td>
          <td>
        Jenny Bui
          </td>
          <td>Liaison Member changed to &lt;b&gt;Deborah Brungard, Roman Danyliw, Sean Turner, Stephan Wenger&lt;/b&gt; from Deborah Brungard, Sean Turner, Stephan Wenger</td>
        </tr>

        <tr>
          <td class="text-nowrap">2021-07-19</td>
          <td>
        Jenny Bui
          </td>
          <td><div class="snippet">Member changed to <b>Chris Box, Christian Huitema, Dhruv Dhody, Loganaden Velvindron, LucAndré Burdet, Marc Petit-Huguenin, Martin Thomson, Mary Barnes, Shraddha Hegde, Toerless Eckert</b> from Toerless …<button class="btn btn-xs btn-default show-all"><span class="fa fa-caret-down"></span></button></div><div class="hidden full">Member changed to <b>Chris Box, Christian Huitema, Dhruv Dhody, Loganaden Velvindron, LucAndré Burdet, Marc Petit-Huguenin, Martin Thomson, Mary Barnes, Shraddha Hegde, Toerless Eckert</b> from Toerless Eckert</div></td>
        </tr>

(note the &lt;b&gt; in the first entry vs the <b> in the second)

The only hint of a pattern I see is that the one with properly interpreted HTML is in a <div class="snippet">, which probably means it's being rendered through a different code path that may be marking the text as HTML safe.


Issue migrated from trac:3471 at 2022-03-04 09:20:29 +0000

ietf-svn-bot commented 2 years ago

@rjsparks@nostrum.com changed priority from n/a to medium

ietf-svn-bot commented 2 years ago

@rjsparks@nostrum.com changed status from new to accepted

ietf-svn-bot commented 2 years ago

@rjsparks@nostrum.com commented


ugh - both groupevent and docevent have, at times, allowed html tags to be entered into desc. This needs a fairly large cleanup (and there are other related tickets) to normalize the desc text into an easier to clean and bleach markup language.
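
One way to give every history row the same rendering, as an added example that is not datatracker code and is not from anyone in this thread: a standard-library allowlist pass that keeps bare `<b>` tags and escapes everything else, so the result can be marked safe on a single code path. The names `ALLOWED_TAGS`, `DescSanitizer` and `sanitize_desc` and the sample strings in the comments are assumptions; the comment above mentions bleach, which this example does not use.

```python
import html
from html.parser import HTMLParser

# Assumption: <b> is the only markup the stored desc strings rely on.
ALLOWED_TAGS = {"b"}


class DescSanitizer(HTMLParser):
    """Re-emit a desc string, keeping allowlisted tags and escaping the rest."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append(f"<{tag}>")  # attributes are dropped on purpose
            self.open_tags.append(tag)
        else:
            # Any other tag is shown literally instead of being interpreted.
            self.out.append(html.escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag in self.open_tags:
            # Close back to the matching opener so the output stays balanced.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break
        else:
            self.out.append(html.escape(f"</{tag}>"))

    def handle_data(self, data):
        # Entities were decoded by the parser; re-escape so text stays text.
        self.out.append(html.escape(data))


def sanitize_desc(desc):
    """Return HTML that is safe to emit unescaped for one event description."""
    parser = DescSanitizer()
    parser.feed(desc)
    parser.close()
    while parser.open_tags:  # close a <b> the stored text left open
        parser.out.append(f"</{parser.open_tags.pop()}>")
    return "".join(parser.out)

# Constructed sample: sanitize_desc("Member changed to <b>Chris Box</b>")
# keeps the bold markup, while an <a href=...> in the same field is escaped.
```

Running stored descriptions through one function like this before display means a row no longer depends on which template path happened to mark it safe.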