|
My bug, my blame.
The history of this bug is that we allow pretty much all HTML in messages, preferring to filter out what's not allowed rather than rendering only the tags that are allowed (as opposed to other sites that allow only a small subset of tags). We very quickly realised that we needed to filter out all the bad bits (as you saw), however, we were careful to only filter out bad bits that were actually in live tags.
So <a onclick=...
would not be subject to a filter, since it would render safely, but
<a onclick=...
was subject to the filter, since it was live and dangerous.
but over time we then added auto-HTML-encoding of tags within PRE blocks so that if someone entered HTML tags without HTML encoding them, they would render correctly. At this point I forgot to switch the filtering out to happen after auto-encoding, instead of before. Simple fix, and I'm sure many appreciate you raising the issue.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
I don't know which to offer first. My gratitude for the fix , or my apology for the tone of the report.
One could certainly understand if you uttered the famous words of Jim Richards at the '92 Bathurst 1000 from time to time.
Make it work. Then do it better - Andrei Straut
|
|
|
|
|
None of my mates died of a heart attack while I was fixing the bug so I don't reckon I qualify
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
I'm not sure if this is a bug or not...
In QA, code blocks have a "collapse" option - which is really handy when some idiot person posts their entire application with a single line of problem description at the bottom, or in the middle. It makes it so easy to remove the code block and see the question, as well as get to the comment button without scrolling down through the whole message.
I seem to remember that this worked in the forums too? Or am I just imagining that due too much cheese? Either way, it would be handly, particularly when you get a question like this: http://www.codeproject.com/Messages/4389640/tic-toe-game-not-working-as-expected-please-help.aspx[^]
Any chance it could be re-enabled (or added if that was a product of my fevered imagination) for the forums as well?
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
|
|
|
|
Hello, Wallace!
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
|
|
|
|
Cracking cheese, Grommit!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
|
|
|
|
I have always loved Wallace and Grommit. I especially like 'The Curse of the Were-Rabbit'.
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
|
|
|
|
I still have a "Have you seen this chicken" mug.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
I removed this because the way we currently have it implemented is client side, and in scanning 50 messages and modifying (potentially) multiple PRE blocks in each, the page could slow down unacceptably.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
Hmm. See what you mean. Pity, but you have a good point!
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
|
|
|
|
|
Me too. Tried to vote on one of Eddy's answers and got the unknown error. IE8.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
|
|
|
|
All fixed.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
+5
it works again!
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
None of them are urgent ...
- Is it possible to have some "expiration date" on the notifications ?
(user settings ?)
- It is possible to move the "refresh" link/button at the top of the forum ? Sometimes I leave my post and just hit the refresh button instead of reloading the whole page; now I have to scroll down to find it.
Nihil obstat
|
|
|
|
|
received the following when opening this link from the Insider in a new tab -
Quantum measurements leave Schrödinger's cat alive
Ticket: (No ticket provided - possibly an error in the error-system)
Error: An error occurred in this page. The error has been recorded and the site administrator informed.
Abort, Retry, Fail?_
|
|
|
|
|
I've found the issue - thanks. A new upload today should fix it.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
When i click on vote without selecting rating option it gives me the below message and voting section disappears.
There was an error while trying to rate this item. Please try again later.
Regards,
Jon
|
|
|
|
|
Fixed in next release. Thanks.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
Hi there! First of all, excellent work on all site features and in the revamped interface CodeProject has never been so great! (erm, actually, it has always been great, but the fact it is ever evolving makes it even nicer)
I would like to report an issue with the online article submission wizard, particularly in the article editor. Everytime I open the draft of one of my articles, it gets a " <br />" added after each of its lines. It is funny because if I close and reopen it 10 times, I will have 10 line breaks inserted between the lines, making everything giantly spaced.
This only happens if I close the article editor and reopen it. It doesn't happen when changing from HTML view to design view, or anything else I tried. To sidestep this issue I am currently saving the HTML of my current draft in Notepad I am using Chrome, if this is relevant.
Please keep up the good work!
Best regards,
Cesar
|
|
|
|
|
César de Souza wrote: This only happens if I close the article editor and reopen it
I'm trying to replicate and not having any luck here.
When you say "close the editor" do you mean you close the browser window or hit 'Cancel'? When you reopen are you clicking the "Update my article" link each time?
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
Sorry Chris, I should have provided a more detailed description. Here it happens whenever I do the following steps:
- Create an article
- Switch to HTML view
- Type in the following (with the extra line breaks between the p tags):
<p>test1</p>
<p>test2</p>
<p>test3</p>
- Save the draft (pressing the green button on the right)
- Reload the page
When the page finishes reloading, there will be an extra line break after each line. If I go to the HTML view it will read:
<p>test1</p>
<br />
<p>test2</p>
<br />
<p>test3</p>
<br />
Perhaps this could be by design, but it seems this happens because I like to organize the HTML code so it gets easier to read in case I have to manually edit it (such as when configuring images or positioning). Please let me know if this is indeed a bug or I am doing something wrong.
|
|
|
|
|
Hi Chris,
Sorry to bother, but did you had success replicating the issue? I've just noticed it still occurs. I can create a video or provide more info if you need. If you can peek into unpublished articles perhaps you could also see the article I am writing which has this issue.
Best regards,
Cesar
|
|
|
|
|
I've just tried again and, again, I'm failing to replicate.
1. Open article in the editor.
2. Check HTML, ensure no <br>'s
3. Switch back to "Design" mode and hit Save Draft.
4. Reload editor with the same article
5. Check HTML. No <br>'s are ever found.
cheers,
Chris Maunder
The Code Project | Co-founder
Microsoft C++ MVP
|
|
|
|
|
Hi Chris,
I've created an extremely detailed specification on how I am triggering this. Sorry if it seems to much, but I hope it leaves no doubts on what I did.
1. Open Codeproject.
1.1 Hover your mouse over "articles". A menu should appear.
1.1 When it appears, Click the link "Submit an article or tip".
2. The Submit a new Article page will be shown.
2.2 Click the button "Submit an Article" (on the left, in brown)
3. The Article Submission Wizard will appear.
3.1 Write anything as the article's title, such as "anything".
3.2 In the designer, click the HTML button to go to HTML view.
3.3 Remove all text from the template there (Ctrl-A, Backspace)
Now type exactly those words
<p>Hey</p>
<p>I've just met you</p>
<p>And this is crazy</p>
<p>But there will be extra spaces</p>
<p>between these sentences</p>
(note that I've actually hit 'enter' right after each </p>).
3.4 Now click the button "Save Draft" (on the right, in green)
3.5 Hover the mouse on your username, on the right top of the site.
3.6 A menu will appear. Click on the link "My Articles"
3.7 (optional) A popup may appear asking if you would like to lose any unsaved text. I answer "leave this page". I am unsure if this is a Chrome-only thing.
4. The Articles by Chris Maunder page will appear.
4.1 Find your recently created article. Mine was called "anything", located under the Uncategorised Articles, General section.
4.2 Click on its name.
5. Your article will appear, together with a notice: This is an auto-saved draft copy of the new unpublished article created by the submission wizard. You can either discard this draft or continue to work on it.
5.1 Choose to "work on it".
6. The Article Submission Wizard will appear.
6.1 Click on the HTML button to the see the HTML code
Here it reads:
<p>Hey</p>
<br />
<p>I've just met you</p>
<br />
<p>And this is crazy</p>
<br />
<p>But there will be extra spaces</p>
<br />
<p>between these sentences</p>
In fact, this would also have been noticeable on step 5. The article would have open with unusually large spaces between the sentences. For some system specifications, I am running Chrome 22.0.1229.94 m on Windows 7 64 bits.
Best regards,
Cesar
modified 7-Nov-12 18:10pm.
|
|
|
|