Mahara

Can't use ">" CSS selector in skins

Bug #1602447 reported by Aaron Wells on 2016-07-12

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Mahara	Fix Released	High	Unassigned
15.04	Fix Released	High	Unassigned	Mahara 15.04.9
15.10	Fix Released	High	Unassigned	Mahara 15.10.5
16.04	Fix Released	High	Unassigned	Mahara 16.04.3
16.10	Fix Released	High	Unassigned	Mahara 16.10.0

Bug Description

See https://mahara.org/interaction/forum/topic.php?id=7659

The ">" character is a basic selector in CSS, which allows you to specify an element contained within another element. For example, "div.class1 > span.class2" would match the span in

<div class="class1">Don't style me. But <span class="class2">style me!</span></div>

If you try to use a ">" in the "Custom CSS" section of a Mahara skin, it gets turned into "\3E". Probably it's being accidentally over-escaped at some point, because ">" is a syntactically important character in HTML.

To replicate:

1. Create a Mahara skin
2. On the skin editor go to the "Advanced" tab
3. In "Custom CSS" enter this:

body > .main-content > .row {
background-color: red;
}

4. Click "Save" (this closes the skin editor)
5. Edit the skin again, and navigate back to the Advanced tab.

Expected result: The "Custom CSS" field shows what you entered before
Actual result: The ">" in the Custom CSS field has been turned into "\3E".

Further test:

1. Apply the skin you selected in the previous test, to a Mahara page.
2. View the page in display mode.

Expected result: The page background is red.
Actual result: No change in the the appearance of the page.

See original description

Tags:

Revision history for this message

Aaron Wells (u-aaronw) wrote on 2016-07-12:

Marking this one as "high" priority because it looks obviously broken to the end-user.

Aaron Wells (u-aaronw) on 2016-07-12

description:

updated

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-07-12: A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6716

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A change has been merged

Reviewed: https://reviews.mahara.org/6716
Committed: https://git.mahara.org/mahara/mahara/commit/08facc98eca2c8c5c9171099bc717278a45b4518
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit 08facc98eca2c8c5c9171099bc717278a45b4518
Author: Aaron Wells <email address hidden>
Date: Wed Jul 13 11:35:34 2016 +1200

Bug 1602447: Allow ">" in CSS stylesheets

(Also removing the HTMLPurifier custom filters while I'm at it,
because they don't actually do anything in this context.)

behatnotneeded: Behat test to come later (due to current
Firefox/Selenium incompatibility issues.)

Change-Id: I47d3fba1962ff03b74e2b721ead81f1530886f04

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A patch has been submitted for review

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/6817

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A change has been merged

Reviewed: https://reviews.mahara.org/6817
Committed: https://git.mahara.org/mahara/mahara/commit/1826f3c1e2251b91430e772f10b075f98278583c
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.04_STABLE

commit 1826f3c1e2251b91430e772f10b075f98278583c
Author: Aaron Wells <email address hidden>
Date: Wed Jul 13 11:35:34 2016 +1200

Bug 1602447: Allow ">" in CSS stylesheets

(Also removing the HTMLPurifier custom filters while I'm at it,
because they don't actually do anything in this context.)

behatnotneeded: Behat test to come later (due to current
Firefox/Selenium incompatibility issues.)

Change-Id: I47d3fba1962ff03b74e2b721ead81f1530886f04
(cherry picked from commit 08facc98eca2c8c5c9171099bc717278a45b4518)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A patch has been submitted for review

Patch for "15.10_STABLE" branch: https://reviews.mahara.org/6818

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A change has been merged

Reviewed: https://reviews.mahara.org/6818
Committed: https://git.mahara.org/mahara/mahara/commit/5c727f0852d0df7a904753e47a11ab84ee6344ef
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.10_STABLE

commit 5c727f0852d0df7a904753e47a11ab84ee6344ef
Author: Aaron Wells <email address hidden>
Date: Wed Jul 13 11:35:34 2016 +1200

Bug 1602447: Allow ">" in CSS stylesheets

(Also removing the HTMLPurifier custom filters while I'm at it,
because they don't actually do anything in this context.)

behatnotneeded: Behat test to come later (due to current
Firefox/Selenium incompatibility issues.)

Change-Id: I47d3fba1962ff03b74e2b721ead81f1530886f04
(cherry picked from commit 08facc98eca2c8c5c9171099bc717278a45b4518)
(cherry picked from commit 1826f3c1e2251b91430e772f10b075f98278583c)

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A patch has been submitted for review

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/6819

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2016-08-08: A change has been merged

Reviewed: https://reviews.mahara.org/6819
Committed: https://git.mahara.org/mahara/mahara/commit/0c6ddd295d586ca8f3365233c48a859af08dcf3d
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit 0c6ddd295d586ca8f3365233c48a859af08dcf3d
Author: Aaron Wells <email address hidden>
Date: Wed Jul 13 11:35:34 2016 +1200

Bug 1602447: Allow ">" in CSS stylesheets

(Also removing the HTMLPurifier custom filters while I'm at it,
because they don't actually do anything in this context.)

behatnotneeded: Behat test to come later (due to current
Firefox/Selenium incompatibility issues.)

Change-Id: I47d3fba1962ff03b74e2b721ead81f1530886f04
(cherry picked from commit 08facc98eca2c8c5c9171099bc717278a45b4518)
(cherry picked from commit 1826f3c1e2251b91430e772f10b075f98278583c)
(cherry picked from commit 5c727f0852d0df7a904753e47a11ab84ee6344ef)

Robert Lyon (robertl-9) on 2016-10-21

Changed in mahara:
milestone:	16.10.0 → none
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.