[MGNLSTK-325] Quotes entered into an edit control can break the html code Created: 09/Mar/09  Updated: 23/Jan/13  Resolved: 12/Mar/09

Status: Closed
Project: Magnolia Standard Templating Kit (closed)
Component/s: None
Affects Version/s: 1.0
Fix Version/s: 1.1

Type: Bug Priority: Major
Reporter: Christian Ringele Assignee: Philipp Bärfuss
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty

 Description   

If text content is directly used within html code a quote entered by the user breaks the html.
This is not the case when fckEdit is used, only if edit control is used.

For example:
<meta name="keywords" content="${content.keywords}" />
If the use enters for keywords this: one, two, "best
The html code breaks.

Momentary solution in the meta tags:
<meta name="keywords" content="${content.keywords?html}" />

A better solution has to be found for all used text's in all templates. Not only the quote is a problem, any html code entered into an edit control is directly rendered.



 Comments   
Comment by Christian Ringele [ 12/Mar/09 ]

Is solved be the escape content wrapper.
Now all accessed content within stk is parsed as html. For example:
${content.title} is now within stk the same as normally in freemarker ${content.title?html}

Generated at Mon Feb 12 07:25:55 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.