Ordered selection widget fails with five.pt

Bug #829484 reported by Asko Soukka on 2011-08-19
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
z3c.form
Undecided
Unassigned

Bug Description

z3c/form/browser/orderedselect_input.pt has (still) inline javascript without CDATA-declaration.

http://svn.zope.org/z3c.form/trunk/src/z3c/form/browser/orderedselect_input.pt?rev=90975

--- a 2011-08-19 16:54:37.000000000 +0300
+++ b 2011-08-19 16:54:32.000000000 +0300
@@ -220,8 +220,10 @@
             tal:attributes="id string:${view/id}-toDataContainer">
         <script type="text/javascript" tal:content="string:
           copyDataForSubmit('${view/id}');">
+ /* <![CDATA[ */
           // initial copying of field "field.to" --> "field"
           copyDataForSubmit("<i tal:replace="${view/id}"/>");
+ /* ]]> */
         </script>
       </span>
     </td>

Thank you for your time.

Tags: bug Edit Tag help
Joshua LaPlace (jlaplace) wrote :

The problem here is actually the <i tal:replace="${view/id}"/> in the contents of the <script> tag. With normal page templates it is replaced by the tal:content so it doesn't cause a problem there, but chameleon raises an error.

Hi,

Joshua LaPlace wrote:
> The problem here is actually the<i tal:replace="${view/id}"/> in the
> contents of the<script> tag. With normal page templates it is replaced
> by the tal:content so it doesn't cause a problem there, but chameleon
> raises an error.

Exactly, and that's why it must be either removed, replaced with
placeholder without '<' and '>' or defined inside CDATA-declaration to
be valid XHTML, that is required by Chameleon.

We've been overriding the widget template with one using
CDATA-declaration there to keep Chameleon parsing it, but any working
solution is OK.

I admit, I was too hurry to notice that the js-code causing problems for
Chameleon's parser is not even ever used because of tal:content in the
script tag :)

Anyway, thanks for notifying my report.

-Asko

Stephan Richter (srichter) wrote :

I properly escaped the code as proposed int he original report. See r123938.

Changed in z3c.form:
status: New → Fix Committed
Changed in z3c.form:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers