View Issue Details

IDProjectCategoryView StatusLast Update
0034465mantisbthtmlpublic2024-06-10 04:59
Reporteratrol Assigned Toatrol  
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Target Version2.27.0 
Summary0034465: Wrong rendering of strings
Description

Most of the string values are rendered wrong if the values contain one of the html tags configured in $g_html_valid_tags_single_line .
E. g. with standard settings of $g_html_valid_tags_single_line, <i>field will be italic on "View Issue Details" and some other pages.

This is caused by using string_display_line instead of string_attribute

$g_html_valid_tags_single_linestring_display_lineshould just be considered for the values of

  • Standard "Summary" field
  • Custom field values of type String
  • ???

Affected fields

  • user name, real name, email
  • project name
  • profile fields
  • categories
  • version and build fields
  • token name
  • enum values
  • config names and values
  • ...

Related 0034463
Follow up to 0034432:0068904

TagsNo tags attached.

Relationships

related to 0034463 resolvedatrol Wrong rendering of custom field names 

Activities

atrol

atrol

2024-06-09 10:48

developer   ~0068965

WIP PR https://github.com/mantisbt/mantisbt/pull/2009

atrol

atrol

2024-06-09 11:03

developer   ~0068966

Last edited: 2024-06-09 11:03

@dregad @vboctor
Before going on to work on this and changing a lot more places from string_display_line to string_attribute, I would like to be sure that I am not on a wrong track with this.

The change in terms of $g_html_valid_tags_single_line is clear and certainly what is wanted.
The change is also good in terms of performance, as

  • there is no parsing for the $g_html_valid_tags_single_line
  • there are no events triggered for plugins

But I am a bit worried, as the current code is used since many years (of course, not clean as string_attribute was already used at some places).
Do you agree that triggering the plugin event EVENT_DISPLAY_TEXT is not needed / wanted?

If yes, I would continue my work.

dregad

dregad

2024-06-10 04:59

developer   ~0068968

$g_html_valid_tags_single_line / string_display_line should just be considered for the values of

  • Standard "Summary" field
  • Custom field values of type String

I agree.

I can't think of any other places where string_display_line() should be used at the moment. We don't have so many free-text, single-line fields (os/os_build/platform, version fields), and even for those it does not necessarily make sense to allow formatting.

But I am a bit worried, as the current code is used since many years (of course, not clean as string_attribute was already used at some places).
Do you agree that triggering the plugin event EVENT_DISPLAY_TEXT is not needed / wanted?

Of course such change has the potential to introduce regressions for anyone expecting a field's value to be formatted, but I think that's an acceptable risk and we can always advise if and when someone complains.