Skip to Content Skip to Menu

🌲 Merry Christmas! Great savings on Professional and Developer Memberships! Get 25% off now with code XMAS-2024!

[#6850] htmlspecialchars_decode in cbcontentbot.php

7 years 1 month ago - 7 years 1 month ago #298859 by cheesegrits
In line 151 in the cbcontentbot.php plugin, it's doing an htmlspecialchars_decode() on the entire text of the content. So if there is any markup in the content that relies on encoded text, for example tooltips ...
Code:
<label for="something" class="tooltip" title="&lt;ul class=&quot;validation-notices&quot; style=&quot;list-style:none&quot;&gt;&lt;li&gt;&lt;i data-isicon=&quot;true&quot; class=&quot;icon-star notempty&quot; &gt;&lt;/i&gt; Required item&lt;/li&gt;&lt;/ul&gt;" opts='{"formTip":true,"position":"top-left","trigger":"hover","notice":true,"heading":"Validation"}'>

... that get decoded into ...
Code:
<label for="something" class="tooltip" title="<ul class="validation-notices" style="list-style:non"><li><i data-isicon="true" class="icon-star notempty" ></i> Required item</li></ul>" opts='{"formTip":true,"position":"top-left","trigger":"hover","notice":true,"heading":"Validation"}'>

... which breaks the markup.

I'll admit this is a very corner case, but happens to affect some users of the extension I author (Fabrik). And in general, the assumption would have to be that if you are processing HTML which is being sent to the browser, you should assume that if anything is HTML encoded, it should stay that way.

Thanks for reading! And thanks for a long standing awesome extension.

-- hugh
Last edit: 7 years 1 month ago by krileon. Reason: Added [#6850] tag to subject

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48630
  • Thanks: 8307
  • Karma: 1446
7 years 1 month ago #298879 by krileon
Replied by krileon on topic htmlspecialchars_decode in cbcontentbot.php
We don't have a choice. Joomla and various extensions fiddle with the encoding (which causes us to have to fiddle with the encoding, lol) so we have to reverse it or we can't match our substitution shortcode. Have added a feature ticket to see if I can get a workaround implemented that avoids messing with the original markup.

forge.joomlapolis.com/issues/6850


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48630
  • Thanks: 8307
  • Karma: 1446
7 years 1 month ago #298883 by krileon
Replied by krileon on topic htmlspecialchars_decode in cbcontentbot.php
Are you sure it's CB causing this? I've tested your example in a Joomla article with all of our content plugins disabled and it still gets mangled. I'll need an example that I can reliable reproduce in Joomla for me to test potential fixes. In Joomla articles at least our content plugins work fine with and without the decode and don't really recall what situation required us to add it as its been so long.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

7 years 1 month ago - 7 years 1 month ago #298960 by cheesegrits
Replied by cheesegrits on topic htmlspecialchars_decode in cbcontentbot.php
Thanks you for the prompt responses.

In Joomla articles at least our content plugins work fine with and without the decode and don't really recall what situation required us to add it as its been so long.


Lol, I know that feeling.

Are you sure it's CB causing this?


Yup, positive. I've tested on the user's system, and if I remove the htmlspecialchars_encode() from that line, the markup is good, and I've never run in to any other issues with our markup getting un-encoded.

I'll be doing some integration work with CB soon, as I need to rewrite the Fabrik plugin for it, so I'll take a closer look when I have the code out on the slab in the lab.

One thing that confuses me is that the user is positive they don't use the {cb} tag anywhere, so I'm puzzled as to how it reaches line 151 in the first place.

-- hugh
Last edit: 7 years 1 month ago by cheesegrits.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48630
  • Thanks: 8307
  • Karma: 1446
7 years 1 month ago #299028 by krileon
Replied by krileon on topic htmlspecialchars_decode in cbcontentbot.php

One thing that confuses me is that the user is positive they don't use the {cb} tag anywhere, so I'm puzzled as to how it reaches line 151 in the first place.

It should only ever reach that if they've a substitution shortcode or {cb} tag present in their content. There is an exclude context parameter though so if you set a specific context like com_frabrik.field when using Joomlas content prepare API you can set that in our plugins parameters so it won't run for that context at all as a workaround for time being.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum