Admin controls broken due to script tag in #description. Drupal 5.1
ragaskar - September 22, 2007 - 22:15
| Project: | Embed filter |
| Version: | 5.x-1.0 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Description
The '#description' on line 76 contains , and tags that do not appear to be 'check_plain'-ed, causing the form to render incompletely. wrapping the t() in a check_plain fixes this issue, obviously.
There's a good chance this may be the result of some unusual settings on our particular install, as otherwise I'd imagine many more people would be complaining. When I get an opportunity to test on our other server I'll report back if I experience similar problems.
#1
well, that should read "contains <object>, <embed> and <script>" tags. heh.
#2
Other tags in descriptions appear to be written as
<tag>, so copied that style to the description in question.#3
Escaping the characters <, >, and & is necessary in any xml (including xhtml). Most browsers tend to "do what I mean" in the case of xhtml but it's best practice to escape them anyway.
#4
#5
This is still not fixed... I just installed the module and I am getting the same problem. If I am supposed to "fix" it could you please let me know how this is done?
I am using IE 7, FireFox 3, Safari 3.2.1 on Windows XP...
Thanks
#6
#7
very simple fix, patch attached.
#8
Please ignore previous attachment. This is the right one.