[#13522] - email cloaking problem within introtext
- Closed
- 8 Jan 2022
- Low
- Build: master
- # 13522
Steps to reproduce the issue
- Add an "Articles Category" module on the sample site
- Under "Display Options" tab: everything on Hide, except "Introtext= show" and "Show Read More=show"
- Create an article with the below html:
<p>Intro text <a href="mailto:sample@example.com">sample@example.com</a> - more more more</p>
<hr id="system-readmore" />
<p><br />Paragraph 1<br />1<br />2<br />3<br />4<br />5</p>
<p>Paragraph 2<br />1<br />2<br />3<br />4<br />5</p>
<p>Paragraph 3<br />1<br />2<br />3<br />4<br />5</p>
<p>End</p>
Expected result
Introtext shows the email address
Actual result
This email address is being protected from spambots. You need JavaScript enabled to...
System information (as much as possible)
current staging and 3.6.5, older versions probably
Additional comments
n/a
joomla-cms-bot
- | Labels |
Added:
?
|
||
Thank you for the workaround and yes $introtext is easily above 600 characters long.
Low priority anyway.
Does not this solution have security implications in so much as now the _cleanIntrotext method would allow script to be output?
@PhilETaylor I think I should redo #11027, will make patching this a lot easier (but I don't remember the reason we end up reverting it in the first place)
nibra
- | Category | ⇒ | Plugins |
| Priority | Medium | ⇒ | Low |
| Status | New | ⇒ | Confirmed |
franz-wohlkoenig
- | Title |
|
||||||
| Status | Confirmed | ⇒ | Discussion | ||||
| Labels |
Added:
J3 Issue
|
||
| Status | Discussion | ⇒ | Information Required |
@jsubri Is this issue still present in the latest J3?
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13522.
I didn't checked recently, the workaround was good enough for me and I've advised my customer (NGO) to refrain adding email address in the introtext. Very high probability the javascript code is still present in the $introtext in current staging. I've not test with J4.
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/13522.
Is this issue still present in the latest J3?
Yes.
Is this issue still present in latest Joomla 4 ?
Yes.
This is a bug that should be fixed in J3
| Status | Information Required | ⇒ | Confirmed |
| Status | Confirmed | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-01-08 08:27:18 |
| Closed_By | ⇒ | alikon | |
| Labels |
Added:
No Code Attached Yet
Removed: ? |
||
| Status | Closed | ⇒ | New |
| Closed_Date | 2022-01-08 08:27:18 | ⇒ | |
| Closed_By | alikon | ⇒ |
still an issue on j3
| Status | New | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2022-01-08 11:02:05 |
| Closed_By | ⇒ | alikon |
@jsubri There a few things that make this functionality fail:
To make it work just replace https://github.com/joomla/joomla-cms/blob/staging/modules/mod_articles_category/helper.php#L325-L332 with:
And increase the allowed characters (in my test case 1000)
And the million dollar question: can this be patched without this hack?