Ordered selection widget fails with five.pt

Bug #829484 reported by Asko Soukka
This bug affects 3 people
Affects: z3c.form
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

z3c/form/browser/orderedselect_input.pt has (still) inline javascript without CDATA-declaration.

http://svn.zope.org/z3c.form/trunk/src/z3c/form/browser/orderedselect_input.pt?rev=90975

--- a 2011-08-19 16:54:37.000000000 +0300
+++ b 2011-08-19 16:54:32.000000000 +0300
@@ -220,8 +220,10 @@
             tal:attributes="id string:${view/id}-toDataContainer">
         <script type="text/javascript" tal:content="string:
           copyDataForSubmit('${view/id}');">
+ /* <![CDATA[ */
           // initial copying of field "field.to" --> "field"
           copyDataForSubmit("<i tal:replace="${view/id}"/>");
+ /* ]]> */
         </script>
       </span>
     </td>
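
Review bot: the two added CDATA markers wrap a script body that the tal:content="string: copyDataForSubmit('${view/id}');" attribute on the same <script> tag replaces at render time, so the wrapped lines never reach the rendered page. Deleting the body (the comment line and the copyDataForSubmit("<i tal:replace="${view/id}"/>"); line) would remove the embedded <i .../> markup without leaving dead code behind; if the body is kept for documentation, a short comment noting that tal:content overrides it would help the next reader. Separately, '${view/id}' is interpolated into a JavaScript string literal in the tal:content attribute, so it is worth confirming that a widget id can never contain a quote character.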

Thank you for your time.

Tags: bug
Joshua LaPlace (jlaplace) wrote :

The problem here is actually the <i tal:replace="${view/id}"/> in the contents of the <script> tag. With normal page templates it is replaced by the tal:content so it doesn't cause a problem there, but chameleon raises an error.

Asko Soukka (asko-soukka) wrote : Re: [Bug 829484] Re: Ordered selection widget fails with five.pt

Hi,

Joshua LaPlace wrote:
> The problem here is actually the <i tal:replace="${view/id}"/> in the
> contents of the <script> tag. With normal page templates it is replaced
> by the tal:content so it doesn't cause a problem there, but chameleon
> raises an error.

Exactly, and that's why it must be either removed, replaced with a
placeholder without '<' and '>', or defined inside a CDATA-declaration to
be valid XHTML, which is required by Chameleon.

We've been overriding the widget template with one using
CDATA-declaration there to keep Chameleon parsing it, but any working
solution is OK.

I admit, I was in too much of a hurry to notice that the js-code causing problems for
Chameleon's parser is not even ever used because of tal:content in the
script tag :)

Anyway, thanks for noticing my report.

-Asko

Stephan Richter (srichter) wrote :

I properly escaped the code as proposed in the original report. See r123938.

Changed in z3c.form:
status: New → Fix Committed
Changed in z3c.form:
status: Fix Committed → Fix Released