Widgets/TitleBoxStart generates code like this:
...
For the first div, XHTML validator complains:
syntax of attribute value does not conform to declared value .
For the second quoted div, XHTML validator complains:
value of attribute “id” must be a single token .
In other words, better to not even put an id attribute if you don’t
have a value, and id values should be sanitized. See patch below.
html/Widgets/TitleBoxStart | 4 +±-
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/Widgets/TitleBoxStart b/html/Widgets/TitleBoxStart
index 704caa7…9d954c8 100755
— a/html/Widgets/TitleBoxStart
+++ b/html/Widgets/TitleBoxStart
@@ -45,7 +45,7 @@
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-
+<div class=“titlebox <% $class %>”<% $id ? qq[ id="$id"] : ‘’|n %>>
">
% if ($hideable) {
X
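Review bot: On the added `<div ...>` line, `$id` is interpolated into `qq[ id="$id"]` and the whole expression is emitted with the `|n` flag, which turns off Mason's default HTML escaping, so a quote or angle bracket in `$id` lands in the markup unescaped. Leaving the attribute out when `$id` is empty is fine, but the value should be escaped before it is interpolated, for example with `$m->interp->apply_escapes($id, 'h')` inside the `qq[]`, or by emitting the attribute from a `% if ($id) {` block around a plain `<% $id %>` so the default escaping still applies.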
@@ -78,7 +78,7 @@ my $page = $m->request_comp->path;
my $tid = "TitleBox--$page--" .
join '--', ($class, $bodyclass, $title, $id);
-$tid =~ s{/}{}g;
+$tid =~ s{[/\s]+}{}g;
my $i = 0;
$i++ while $m->notes("$tid-$i");
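Review bot: The character class in `s{[/\s]+}{}g` strips only slashes and whitespace, while `$tid` is joined from `$class`, `$bodyclass`, `$title` and `$id`, so any other character that is not valid in a single id token (quotes, angle brackets, ampersands in a title) still passes through. An allowlist is safer than extending the denylist: remove everything outside the characters an id may contain, e.g. `s{[^A-Za-z0-9_:.-]+}{}g`. Distinct inputs that collapse to the same string are already separated by the `$i` counter on the following lines.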
Applied only the second part. The first one is a potential security risk
unless $id is escaped.
On 10/30/07, Jason Long jlong@messiah.edu wrote:
Widgets/TitleBoxStart generates code like this:
...
For the first div, XHTML validator complains:
syntax of attribute value does not conform to declared value .
For the second quoted div, XHTML validator complains:
value of attribute “id” must be a single token .
In other words, better to not even put an id attribute if you don’t
have a value, and id values should be sanitized. See patch below.
html/Widgets/TitleBoxStart | 4 +±-
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/html/Widgets/TitleBoxStart b/html/Widgets/TitleBoxStart
index 704caa7…9d954c8 100755
— a/html/Widgets/TitleBoxStart
+++ b/html/Widgets/TitleBoxStart
@@ -45,7 +45,7 @@
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-
+<div class=“titlebox <% $class %>”<% $id ? qq[ id=“$id”] : ‘’|n %>>
">
% if ($hideable) {
X
@@ -78,7 +78,7 @@ my $page = $m->request_comp->path;
my $tid = "TitleBox--$page--" .
join '--', ($class, $bodyclass, $title, $id);
-$tid =~ s{/}{}g;
+$tid =~ s{[/\s]+}{}g;
my $i = 0;
$i++ while $m->notes(“$tid-$i”);
List info: The rt-devel Archives
Best regards, Ruslan.