XHTML nitpicks - Widgets/TitleBoxStart

Widgets/TitleBoxStart generates code like this:

...

For the first div, XHTML validator complains:

syntax of attribute value does not conform to declared value .

For the second quoted div, XHTML validator complains:

value of attribute “id” must be a single token .

In other words, better to not even put an id attribute if you don’t
have a value, and id values should be sanitized. See patch below.

html/Widgets/TitleBoxStart | 4 +±-
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/Widgets/TitleBoxStart b/html/Widgets/TitleBoxStart
index 704caa7…9d954c8 100755
— a/html/Widgets/TitleBoxStart
+++ b/html/Widgets/TitleBoxStart
@@ -45,7 +45,7 @@
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-


+<div class=“titlebox <% $class %>”<% $id ? qq[ id="$id"] : ‘’|n %>>
"> % if ($hideable) { X @@ -78,7 +78,7 @@ my $page = $m->request_comp->path; my $tid = "TitleBox--$page--" . join '--', ($class, $bodyclass, $title, $id);

-$tid =~ s{/}{}g;
+$tid =~ s{[/\s]+}{
}g;

my $i = 0;
$i++ while $m->notes("$tid-$i");

Applied only second part. The first one is potential security risk
unless $id is escaped.On 10/30/07, Jason Long jlong@messiah.edu wrote:

Widgets/TitleBoxStart generates code like this:

...

For the first div, XHTML validator complains:

syntax of attribute value does not conform to declared value .

For the second quoted div, XHTML validator complains:

value of attribute “id” must be a single token .

In other words, better to not even put an id attribute if you don’t
have a value, and id values should be sanitized. See patch below.

html/Widgets/TitleBoxStart | 4 +±-
1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/html/Widgets/TitleBoxStart b/html/Widgets/TitleBoxStart
index 704caa7…9d954c8 100755
— a/html/Widgets/TitleBoxStart
+++ b/html/Widgets/TitleBoxStart
@@ -45,7 +45,7 @@
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-


+<div class=“titlebox <% $class %>”<% $id ? qq[ id="$id"] : ‘’|n %>>
"> % if ($hideable) { X @@ -78,7 +78,7 @@ my $page = $m->request_comp->path; my $tid = "TitleBox--$page--" . join '--', ($class, $bodyclass, $title, $id);

-$tid =~ s{/}{}g;
+$tid =~ s{[/\s]+}{
}g;

my $i = 0;
$i++ while $m->notes("$tid-$i");


List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:

If you sign up for a new RT support contract before December 31, we’ll take
up to 20 percent off the price. This sale won’t last long, so get in touch today.
Email us at sales@bestpractical.com or call us at +1 617 812 0745.

Best regards, Ruslan.