Kevin M. Brooks (lucretio) wrote in lj_dev,
Kevin M. Brooks

PATCHES: Escape bml

Note: These links no longer work. I think I messed up my goathack, so I wiped the whole thing clean, started fresh. This one should work:

According to this comment to my last patch, talkread.bml isn't escaping bml in comment subjects.

This patch does this. (Tested; works.)

I also noticed that userpic alt tags were cleaned for html. This led me to ask myself if they should be cleaned for bml as well. (I ended up doing this.)

On my goathack I put in a picture keyword of '(=H1 blah H1=)'. In editpics.bml, the keyword shows up as '<P><span class="heading">blah</span>' (because html was escaped). In allpics.bml, it came out unescaped.

#1. editpics.bml (tested; works):
#2. allpics.bml (tested; works):

I'm sure there are other places where bml should be escaped (topics? friends groups?). I'll check around later.

Found one more: when editing this entry using editjournal_do.bml, I noticed that the bml wasn't escaped, thus causing unwanted html to end up in the post. (I also escaped bml in friend group names and the picture selector.)

Another (picture related): update.bml?mode=full doesn't escape bml in the picture selector (and friends groups). (Same with editjournal_do.bml. I went back and did this.)

Update: I believe this is driving me insane. "I can't go to bed because I just thought of another place I need to escape bml!" Argh. I'm going to bed anyway.

To-do: friends/editgroups.bml, friends/filter.bml

haha: The patches have the wrong year on them. I'm dumb.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded