Note title is not correctly escaped/unescaped during editing - client-side js
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu One Servers |
Won't Fix
|
Medium
|
Ubuntu One Client Engineering team | ||
Bug Description
When a note is created containing <, > and & it is:
1. < and > entities are not escaped after initial save is pressed, the elements are injected in HTML that leads to html syntax errors on the client side/part of the page being missing, etc.
2. When note is loaded from the server, it is properly escaped, when the note is selected for editing, the characters in input box remain being escaped thus if there is a subsequent save, then we will have single escaping.
STR:
1. Create a note with the following title: "Text <!-- comment --> & more text"
2. Save it.
3. See that the title turned out into "Text & more text", while the right pane shows "Text <!-- comment --> & more text" properly.
4. Reload the note UI
5. Open the created note, see that the title is intact.
6. Edit the note, see that the note title is not unescaped - "Text <!-- comment --> & more text".
7. If the note is now saved, the unescaped version will be escaped once again leading to "Text &lt;!-- comment --&gt; &amp; more text".
Observed on trunk.
| Changed in ubuntuone-servers: | |
| importance: | Undecided → Medium |
| assignee: | nobody → Ubuntu One Desktop+ team (ubuntuone-desktop+) |
| tags: | added: notes webui |
| Changed in ubuntuone-servers: | |
| status: | New → Confirmed |
| tags: | added: desktop+ |
| visibility: | private → public |
| Changed in ubuntuone-servers: | |
| status: | Confirmed → Triaged |
| Paul Hummer (rockstar) wrote | #1 |
| Changed in ubuntuone-servers: | |
| status: | Triaged → Won't Fix |
Since this bug affects the Notes web UI, and we've recently removed the Notes web UI, this bug is no longer applicable. Thanks for the report.