Hello,
I’m wondering if it’s feasible to add HTML links within RT transaction
descriptions.
That would be useful for adding links in ticket history relationship
items on the web interface.
For example :
“Enoch, Root - Reference to ticket #1234 added”
The “ticket #1234” could appear on the web interface as a link to the
actual ticket.
Thanks,
Jerome Charaoui
Hello,
I’m wondering if it’s feasible to add HTML links within RT transaction
descriptions.That would be useful for adding links in ticket history relationship
items on the web interface.For example :
“Enoch, Root - Reference to ticket #1234 added”
The “ticket #1234” could appear on the web interface as a link to the
actual ticket.
Maybe I’m misunderstanding (likely!) but wouldn’t that just link back to
the ticket you are viewing? Normally, you would be looking at the
transaction history of ticket #1234 in order to see the "Enoch, Root -
Reference to ticket #1234 added"transaction…
Andy D’Arcy Jewell
SysMicro Limited
Linux Support
E: andy.jewell@sysmicro.co.uk
W: www.sysmicro.co.uk
Hello,
I’m wondering if it’s feasible to add HTML links within RT
transaction descriptions.That would be useful for adding links in ticket history relationship
items on the web interface.For example :
“Enoch, Root - Reference to ticket #1234 added”
The “ticket #1234” could appear on the web interface as a link to
the actual ticket.
While it’s possible to change BriefDescription in RT::Transaction to
do that (or even to use the ModifyDisplay callback to add it in later)
the problem is that the transaction description is passed through
Mason’s HTML escaper, and the link wouldn’t work. We could turn that
off, but it would require effort to ensure that no security bugs
(displaying user entered info unescaped) are added.
-kevin
While it’s possible to change BriefDescription in RT::Transaction to
do that (or even to use the ModifyDisplay callback to add it in later)
the problem is that the transaction description is passed through
Mason’s HTML escaper, and the link wouldn’t work. We could turn that
off, but it would require effort to ensure that no security bugs
(displaying user entered info unescaped) are added.
Thanks for taking the time to reply.
I understand the concern. Extra care should indeed be taken when
changing something that could introduce security issues.
Another way to deal with this in a more concise way could be to add a
property to RT:Transaction (ie BriefDescriptionLink) which would contain
an RT-built URL. In the case of a ticket relationships transaction, it
could contain the URL of the related ticket.
Then it would simply be a matter of adjusting the ShowTransaction
template to check for BriefDescriptionLink and, if non-empty, wrap $desc
entirely with an anchor tag with the url parameter set to
BriefDescriptionLink. This way BriefDescription would remain
HTML-escaped at all times.
What do you think?
While it’s possible to change BriefDescription in RT::Transaction to
do that (or even to use the ModifyDisplay callback to add it in later)
the problem is that the transaction description is passed through
Mason’s HTML escaper, and the link wouldn’t work. We could turn that
off, but it would require effort to ensure that no security bugs
(displaying user entered info unescaped) are added.Thanks for taking the time to reply.
I understand the concern. Extra care should indeed be taken when
changing something that could introduce security issues.Another way to deal with this in a more concise way could be to add
a property to RT:Transaction (ie BriefDescriptionLink) which would
contain an RT-built URL. In the case of a ticket relationships
transaction, it could contain the URL of the related ticket.Then it would simply be a matter of adjusting the ShowTransaction
template to check for BriefDescriptionLink and, if non-empty, wrap
$desc entirely with an anchor tag with the url parameter set to
BriefDescriptionLink. This way BriefDescription would remain
HTML-escaped at all times.
A branch called 4.2/html-transaction-descriptions was recently merged
to master and will be included in 4.2.0 which has this and many other
links.
-kevin