Merge lp:~quam-plures-core/quam-plures/posting_xhtml-fixes into lp:quam-plures
Status: | Merged |
---|---|
Merged at revision: | 7604 |
Proposed branch: | lp:~quam-plures-core/quam-plures/posting_xhtml-fixes |
Merge into: | lp:quam-plures |
Diff against target: |
406 lines (+186/-76) 4 files modified
qp_inc/_core/_misc.funcs.php (+4/-13) qp_inc/_core/_param.funcs.php (+107/-47) qp_inc/xhtml_validator/_xhtml_validator.class.php (+72/-14) qp_srvc/comment_post.php (+3/-2) |
To merge this branch: | bzr merge lp:~quam-plures-core/quam-plures/posting_xhtml-fixes |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
EdB | Approve | ||
Tilman Blumenbach (community) | Needs Resubmitting | ||
Yabs | security-check | Pending | |
Review via email: mp+64326@code.launchpad.net |
Description of the change
Discussion: http://
-------
This branch cleans up some of the mess that posting and validating XHTML in QP currently is.
For example, this branch allows using HTML comments (<!-- ... -->) when posting (that was not possible until now). However, blog comments may not contain HTML comments -- they are converted to visible HTML (i. e. <-- ... -->). While HTML comments make sense in posts, I don't think that's the case for blog comments. It would just confuse users not familiar with HTML.
An important fix I incorporated into this branch is that all XHTML needs to be well-formed: Unclosed comments etc. are rejected. In the past, you could post blog comments simply containing "<!--", which would comment out everything after the blog comment (i. e. the rest of the page). Not good at all (shhh, I didn't tell you that!).
Finally, remember bug 736035? The fix we committed back then certainly works, but it's ugly. This branch has a better solution: Processing instructions (<?foo ... ?>) in posts are allowed as long as they contain valid XHTML (however, comments cannot contain processing instructions). Let me explain:
Something like "<?<a><
In other words, something like "<?foo <a href="http://
Of course, that violates the XML spec. Processing instructions contain application-
A clean solution would be to disallow processing instructions completely, but what if somebody finds a legitimate use for them? I don't want to restrict users.
Possiubly unrelated to this branch, and excuse me for not checking, but there are some really simple things I wanted to fix regarding xhtml trans and strict. I wonder if you'd mind adding them if they are not in this branch?
Simple stuff, and I'll find a file. Attributes get added to an image that are not xhtml strict even though 10 lines above a check is made for "if strict do it this way", and then the image tags get closed with "/>" instead of " />". It involves a minor style change and (again) I can't recall exactly why.
Anyway if you're up for adding a potentially unrelated yet slightly related bit I'd be happy to try to find the right file and bits for you.