robbieaverill
commented
7 years ago Perhaps the quick win is to remove the <> from the source code for now
Closed andrewandante closed 6 years ago
robbieaverill
commented
7 years ago Perhaps the quick win is to remove the <> from the source code for now
tractorcow
commented
7 years ago Doh, I think so!
andrewandante
commented
7 years ago I've had a little play around with this today - one of the other things we can do is edit the twig templates to escape HTML - i.e
{% if class.shortdesc -%}
<p>{{ class.shortdesc|desc(class)|escape('html') }}</p>
{%- endif %}However, you end up with a big blob of text, rather than the very-useful examples.
So we can either remove < and > from docblocks, or add backticks - they render the same, but backticks read a little cleaner.
I'm curious how we managed to get around this with the previous implementation - it seems that it would turn on the HTML renderer if a line began with a tag? Something like that? Maybe we can try and re-implement something along those lines.
tractorcow
commented
7 years ago If we pass the docblock through a DOMDocument, and return that, wouldn't that guarantee correctly matched opening / closing tags, and prevent the escaping occurring?
tractorcow
commented
7 years ago All merged, just need to rebuild the docs now.
chillu
commented
6 years ago /cc @nathanbrauer
chillu
commented
6 years ago @tractorcow How do we get the rebuild done? I would've thought that's at least nightly?
tractorcow
commented
6 years ago Yes it's ment to happen every night but it may not be working.
andrewandante
commented
6 years ago Build is running, just had a look. Seems that the 3 branch is updated (see http://api.silverstripe.org/3/DropdownField.html) but 4 is not (see http://api.silverstripe.org/4/SilverStripe/Forms/DropdownField.html). Not sure what is going on there tbh.
You can see the job running here: https://logs.platform.silverstripe.com/streams/5955c89de4b09ee3b9815f57/messages?rangetype=absolute&fields=source%2Clog_type%2Cmessage&width=1920&from=2017-12-13T13%3A59%3A29.000Z&to=2017-12-13T14%3A03%3A02.000Z&q=log_type%3ASilverStripe_cron#fields=source%2Clog_type%2Cmessage if you have Graylog permissions.
andrewandante
commented
6 years ago Update - looks like the pull --all command isn't pulling, well, all. Will put in a PR.
andrewandante
commented
6 years ago chillu
commented
6 years ago Thanks for looking into this, Andrew!
dhensby
commented
6 years ago chillu
commented
6 years ago Note that this isn't deployed yet, I'm just following up with @robbieaverill :)
robbieaverill
commented
6 years ago Deploying to UAT now
robbieaverill
commented
6 years ago UAT good, will deploy to production a bit later today
robbieaverill
commented
6 years ago Deploying now - we'll leave the cron to pick up the run overnight =)
See http://api.silverstripe.org/4/SilverStripe/Forms/DropdownField.html
The phpdoc for the DropdownField class contains the line
Dropdown field, created from a <select> tag.an actual tag is rendered, throwing off the whole page. This can be worked around by using<select>instead - which means that either:a) the content needs to be sanitised before rendered - see https://github.com/FriendsOfPHP/Sami/issues/261 b) we need to check all our classes for tags and update/remove them accordingly