Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

WYSIWYG for < code > on RSI Forums v2.1b1

slawaslawa New
in Vanilla 2.0 - 2.8

Does anyone know why this is happening?
I am just a user of that forum.

Tagged:

Best Answer

  • Options
    R_JR_J Ex-Fanboy Munich Admin
    Answer ✓

    The code tag doesn't escape html. Plain and simple. I would also have expected another behavior. If you are just a user, you're lost. If you have access to the source code, you could try to fix that. Best would be to report it on GitHub (and offer your fix if you found one).

    The most current version (which is used here) still has it's problems with html:


    Vanilla

    Vanilla

    <a href="http://vanillaforums.org">Vanilla</a><hr>

    <a href="http://vanillaforums.org">Vanilla</a>
<hr>

Answers

  • Options
    x00x00 MVP
    edited December 2013

    if you can reproduce it on a clean install with the same formatter but no addons/pluigns then you can report it to github

    https://github.com/vanillaforums/Garden/issues

    2.1b1 is beta software.

    grep is your friend.

  • Options
    R_JR_J Ex-Fanboy Munich Admin
    Answer ✓

    The code tag doesn't escape html. Plain and simple. I would also have expected another behavior. If you are just a user, you're lost. If you have access to the source code, you could try to fix that. Best would be to report it on GitHub (and offer your fix if you found one).

    The most current version (which is used here) still has it's problems with html:


    Vanilla

    Vanilla

    <a href="http://vanillaforums.org">Vanilla</a><hr>

    <a href="http://vanillaforums.org">Vanilla</a>
<hr>
  • Options
    x00x00 MVP

    @R_J yes he is wrong about "No URLs should be changed to links in the post's code segment." I mean that isn't the case with html in general anyway (or it simply wouldn't render that was in browser). It would need html special characters to display it as such. Just becuase some formatters may convert, doesn't mean it is how it should be or the only way.

    However I understand he is also reporting a difference between OP and the next comment.

    grep is your friend.

  • Options
    slawaslawa New
    edited December 2013

    That's what I am talking about. Why does < code > has problems with HTML? Code is meant to display text without formatting anything.
    I hope one of the coders can give it a quick fix. http://php.net/htmlspecialchars


    Vanilla

    ^ o.0

    And yes. The other funny thing is that OP's html in < code > is properly escaped, but not replies. I would test it here, but edit is only allowed for 15 minutes and I don't want to spam threads.

  • Options
    x00x00 MVP
    edited December 2013

    @slawa this is a beta version i already told you what to do.

    Yes typically htmlspecialchars should NOT be applied automatically. However that is a decision for the framework. Some do some don't.

    Note you also have auto-ilinking which is when you put an url without any tags e.g.

    http://php.net/htmlspecialchars

    grep is your friend.

Sign In or Register to comment.