Details
-
Bug
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
2.8.4, 2.9
-
Windows XP, Tomcat 7.0
Description
Steps to reproduce the bug:-
1. Go here: http://doc.jspwiki.org/2.4/Edit.jsp?page=WindowsInstall
2. Type in changenote: Testing "quotes" & ampersand
3. Click preview
4. Click Keep Editing
5. The changenote looks like this: Testing "quotes" & ampersand
Now the user has to remove it and type (Testing "quotes" & ampersand) again before saving. If the user didn't notice it, then the comment will be saved as "Testing "quotes" & ampersand" in the history.
=================================================
I know that entities need to be encoded for security reasons but this is a Bug.
When "keep editing" button is clicked, the comment should appear in decoded format. For that, there should be a javascript that execute "after" the page is loaded. No need to change any of the TextUtil.replaceEntities() methods.
=================================================
This is how I fixed it in my pc:
1. Added the following script to commonheader.jsp (or prettify.js)
<script type="text/javascript">
function decodeChangeNote() {
document.getElementById("changenote").value =
document.getElementById("changenote").value
.replace(/&/g,"&")
.replace(/</g,"<")
.replace(/>/g,">")
.replace(/"/g,"\"");
}
</script>
2. Changed <body> tag in EditTemplate.jsp to call this js function on load.
<body onload="decodeChangeNote()">
====================================================
Now JSPWiki works fine for me. Polish this fix if needed and commit it. Please correct me if I'm wrong.
