Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#10906] - Fix non-escaped HTML TAG parameter title for ACL rules selectors, by stripping HTML tags from it

? Success

User tests: Successful: Unsuccessful:

avatar ggppdk
ggppdk
22 Jun 2016

Pull Request for Issue #10876

Summary of Changes

The title (HTML tag parameter) of the ACL selectors (inherit / allow / deny),

  • is not escaped resulting in HTML validation errors, if the title contains HTML

We either need

  • to strip HTML tags
  • or escape the HTML special characters and add "hasToolTip" class to the ACL inherit / allow / deny selector

This PR suggest to strip HTML tags

Testing Instructions

Open any HTML form with rules and hover over the rules (over the select element: inherit / Allow / Deny), the tooltip should appear (browser native tooltip) without errors

Then add some html to the language string of a rule:
e.g.

        <action name="core.create" title="LANG_STRING_WITH_HTML" ... />

The HTML will appear next to the selector but it will be stripped from the browser native tooltip

avatar ggppdk ggppdk - change - 22 Jun 2016
Status New Pending
avatar ggppdk ggppdk - open - 22 Jun 2016
avatar joomla-cms-bot joomla-cms-bot - change - 22 Jun 2016
Labels Added: ?
avatar ggppdk ggppdk - change - 22 Jun 2016
Title
Fix non-escaped HTML TAG parameter title for ACL rules selectors, by
Fix non-escaped HTML TAG parameter title for ACL rules selectors, by stripping HTML tags from it
avatar andrepereiradasilva andrepereiradasilva - test_item - 22 Jun 2016 - Tested successfully
avatar andrepereiradasilva
andrepereiradasilva - comment - 22 Jun 2016

I have tested this item successfully on 7b1a1b4

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10906.

avatar infograf768 infograf768 - test_item - 23 Jun 2016 - Tested successfully
avatar infograf768
infograf768 - comment - 23 Jun 2016

I have tested this item successfully on 7b1a1b4

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10906.

avatar infograf768 infograf768 - change - 23 Jun 2016
Status Pending Ready to Commit
avatar infograf768
infograf768 - comment - 23 Jun 2016

Simple correction. RTC. Thanks.

Can go into 3.6.0

This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/10906.

avatar joomla-cms-bot joomla-cms-bot - change - 23 Jun 2016
Labels Added: ?
avatar ggppdk ggppdk - change - 23 Jun 2016
The description was changed
avatar brianteeman brianteeman - change - 24 Jun 2016
Labels
avatar brianteeman brianteeman - change - 24 Jun 2016
Category Fields Libraries
avatar grhcj
grhcj - comment - 28 Jun 2016

Is this still for 3.6.0? May we have a milestone here?

avatar zero-24
zero-24 - comment - 28 Jun 2016

@grhcj this is up to the release leader maybe @wilsonge or @roland-d can decide on the milestone ;)

avatar roland-d roland-d - change - 29 Jun 2016
Milestone Added:
avatar roland-d roland-d - close - 16 Jul 2016
avatar roland-d roland-d - merge - 16 Jul 2016
avatar joomla-cms-bot joomla-cms-bot - close - 16 Jul 2016
avatar roland-d roland-d - change - 16 Jul 2016
Status Ready to Commit Fixed in Code Base
Closed_Date 0000-00-00 00:00:00 2016-07-16 08:16:42
Closed_By roland-d
avatar joomla-cms-bot joomla-cms-bot - change - 16 Jul 2016
Labels Removed: ?

Add a Comment

Login with GitHub to post a comment