Closed ewohnlich closed 7 months ago
On Plone classic demo site, create a page and give it a tag with an ampersand in it like "red & white". Create a new page and pull up the dropdown of existing tags. I am using tags specifically because it is a select2 field
Option for "red & white"
Option for "red & white"
Plone 6, on the classic demo site https://classic.demo.plone.org/en
Please see this issue: https://github.com/plone/Products.CMFPlone/issues/3429 The resolution there addressed a similar problem in another part of this class. But I believe it is this line https://github.com/plone/plone.app.content/blob/4.0.1/plone/app/content/browser/vocabulary.py#L264 that is causing the issue in my case. I understand this scrub is an intent to prevent the injection of malicious code but it is simply not displaying html entities correctly.
see merged branch here for solution https://github.com/plone/plone.app.content/pull/273
and todays release https://pypi.org/project/plone.app.content/ ... I close this one.
BUG/PROBLEM REPORT (OR OTHER COMMON ISSUE)
What I did:
On Plone classic demo site, create a page and give it a tag with an ampersand in it like "red & white". Create a new page and pull up the dropdown of existing tags. I am using tags specifically because it is a select2 field
What I expect to happen:
Option for "red & white"
What actually happened:
Option for "red & white"
What version of Plone/ Addons I am using:
Plone 6, on the classic demo site https://classic.demo.plone.org/en
Please see this issue: https://github.com/plone/Products.CMFPlone/issues/3429 The resolution there addressed a similar problem in another part of this class. But I believe it is this line https://github.com/plone/plone.app.content/blob/4.0.1/plone/app/content/browser/vocabulary.py#L264 that is causing the issue in my case. I understand this scrub is an intent to prevent the injection of malicious code but it is simply not displaying html entities correctly.