View Issue Details

IDProjectCategoryView StatusLast Update
16434Bug reportsSurvey editingpublic2020-07-06 13:21
Reportergabrieljenik Assigned To 
PrioritynoneSeverityminor 
Status closedResolutionfixed 
Product Version4.3.1 
Summary16434: Special characters shown as HTML entities in sidebar
Description

Screenshot attached

TagsNo tags attached.
Complete LimeSurvey version number (& build)4.3.0
I will donate to the project if issue is resolvedNo
Browser
Database & DB-VersionMysql
Server OS (if known)
Webserver software & version (if known)
PHP Version7

Activities

gabrieljenik

gabrieljenik

2020-06-26 17:39

partner  

adadadad.png (52,878 bytes)   
adadadad.png (52,878 bytes)   
gabrieljenik

gabrieljenik

2020-06-26 17:43

partner   ~58530

Last edited: 2020-06-26 17:43

View 2 revisions

Ok, so special characters should be shown as they are and not as html entities.
What about special characters which form tags? Should they be shown? Isn't that a security issue?

My call for fixing this was to use strip_tags.
So, sending special characters to look good. But tags are not sent.

So, the attached example (which has special characters resembling tags on the WYSIWYG editor, not the source view) should look like this on the side bar: Weight: {wiehfdj}

What do you think?

gabrieljenik

gabrieljenik

2020-06-26 17:49

partner   ~58531

PR: https://github.com/LimeSurvey/LimeSurvey/pull/1452

Text is flatten. After that. special chars are sent to the sidebar. Tags, which could be formed by special chars re-coded, are not sent.

DenisChenu

DenisChenu

2020-06-29 08:15

developer   ~58534

But : viewHelper::flatEllipsizeText($questionText, true) must already remove p tag here.

Seems test is not really flatten here ?

https://github.com/LimeSurvey/LimeSurvey/blob/af172d9dcbd46a4ebb9a43428cf45162c2741420/application/helpers/viewHelper.php#L216

DenisChenu

DenisChenu

2020-06-29 16:46

developer   ~58560

Oh : here <p> is not a tag , it's a HTML false tag ?

Can you send the lss please ?

If right : 3.X have same issue

gabrieljenik

gabrieljenik

2020-06-29 22:11

partner   ~58565

FYI. We have followed discussion with @Denis on github PR.

Made me think, how should special characters travel from server to front end. I believe they should travel as text.
Then Vue takes care of escaping.

That's how it is set now.
So wouldn't change the current PR.

If it is fine, I will wrap it there and then open a new ticket for v3

DenisChenu

DenisChenu

2020-06-30 08:38

developer   ~58569

Json send totally filtered caracter : it's the purpose of flatellipsise

vue escape it again

This is the issue

sushmanadendla

sushmanadendla

2020-06-30 16:01

manager   ~58584

Tested the issue by checking out to the branch. Special characters are not diplayed in question code,working as expected
Please refer the screenshot for more details

DenisChenu

DenisChenu

2020-06-30 16:45

developer   ~58589

Since <p> are shown in HTML editor : it must be shown in management :)

It's a false tag.

guest

guest

2020-07-02 14:43

viewer   ~58652

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&amp;id=30243

lime_release_bot

lime_release_bot

2020-07-06 13:21

administrator   ~58708

Fixed in Release 4.3.3+200707

Related Changesets

LimeSurvey: master 398d07fc

2020-07-02 14:41:47

gabrieljenik


Committer: GitHub Details Diff
Fixed issue 16434: Special characters shown as HTML entities in sidebar (#1452)

Dev: Text is flatten. After that. special chars are sent to the sidebar. Tags, which could be formed by special chars re-coded, are not sent.
Affected Issues
16434
mod - application/controllers/admin/surveyadmin.php Diff File

Issue History

Date Modified Username Field Change
2020-06-26 17:39 gabrieljenik New Issue
2020-06-26 17:39 gabrieljenik File Added: adadadad.png
2020-06-26 17:43 gabrieljenik Note Added: 58530
2020-06-26 17:43 gabrieljenik Note Edited: 58530 View Revisions
2020-06-26 17:49 gabrieljenik Note Added: 58531
2020-06-29 08:15 DenisChenu Note Added: 58534
2020-06-29 16:46 DenisChenu Note Added: 58560
2020-06-29 16:46 DenisChenu File Added: Capture d’écran du 2020-06-29 16-45-30.png
2020-06-29 16:46 DenisChenu File Added: Capture d’écran du 2020-06-29 16-46-04.png
2020-06-29 22:11 gabrieljenik Note Added: 58565
2020-06-30 08:38 DenisChenu Note Added: 58569
2020-06-30 16:01 sushmanadendla Note Added: 58584
2020-06-30 16:01 sushmanadendla File Added: 16434_Specialchar_QuestionCode.png
2020-06-30 16:45 DenisChenu Note Added: 58589
2020-07-02 14:43 gabrieljenik Changeset attached => LimeSurvey master 398d07fc
2020-07-02 14:43 guest Note Added: 58652
2020-07-06 13:21 lime_release_bot Note Added: 58708
2020-07-06 13:21 lime_release_bot Status new => closed
2020-07-06 13:21 lime_release_bot Resolution open => fixed