Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Use of greater than > and less than < characters in post result in mangled code

impimp New
in Vanilla 2.0 - 2.8

Our forum requires that developers be able to post their code in their post for us to review and assist as necessary. Unfortunately, the use of the greater than > and less than < characters in post results in mangled code. For example:

Posted code:
<!DOCTYPE html>

document.write("Hello World!");


Displayed code:
<!DOCTYPE html>

document.write("Hello World!");

I have disabled wysiwyg but "Simple HTML" is still enabled. I'd like to allow users to post their code and have it appear in its raw form even if the code contains HTML characters. I've read the the thread about disabling HTML tags and but obviously fear the loss of videos on existing posts...altho there was one comment: "old posts work because Vanilla stores the "Format" used for a single message." I've also read this thread about Markdown but want to make sure that doing this resolves the problem and not create more problems. I could simply try these and see what happens but I don't have access to make these changes so I want to make sure I've got a good solution before presenting it to the power that be.

What will work?

Any help will be much appreciated!

Answers

  • impimp New

    Well, I think I've got the answer. No Markdown...just disable HTML and see what happens.

  • x00x00 MVP 
    <!DOCTYPE html>

    grep is your friend.

  • x00x00 MVP

    Like so

    <pre><!DOCTYPE html></pre>

    grep is your friend.

  • x00x00 MVP
    edited November 2012

    another way

    <!DOCTYPE html>

    <!DOCTYPE html><- four space indent

    grep is your friend.

  • x00x00 MVP
    edited November 2012

    Obviously the formatter is not physic it doesn't know when you want the markup to be rendered or as source. it also not it's job to render. Html has it own way of representing code.

    <pre></pre> for a script, and <code></code> for in line script.

    grep is your friend.

  • x00x00 MVP

    hmm there is a bug I remember

    <pre><b>test</b></pre> ->

    test

    <code><b>test</b><code> -> test

    <pre>&lt;b>test&lt;/b></pre> ->

    <b>test</b>

    not ideal but you have to replace < with &lt;

    grep is your friend.

  • x00x00 MVP
    edited November 2012

    It is hard to say that the above is a bug becuase in a way that is the expected behaviour in html (if not the browser wouldn't render it so), certainly without pre-processing.

    post client side solution would be

    jQuery(document).ready(function($){
     $('code,pre').livequery(function(){
          $(this).text($(this).html().toString());
     });
});

    that is assuming you are not using some other post processing like prettify.

    grep is your friend.

  • impimp New

    Yes, agreed that this is not a bug and is expected behavior. Decision to disable HTML occurred when I posted my question and the raw code didn't get posted (via Markdown) which was not a surprise. Appreciate you responding to this although we can't expect our users to modify their code to be able to post in our forum - most just copy and paste. I'll propose the post client solution and see what happens. Again, thanks for the quick response!

Sign In or Register to comment.