Opened 12 years ago

Closed 12 years ago

#7497 closed defect (duplicate)

notebook -- bug in viewing/editing attached files

Reported by: was Owned by: boothby
Priority: major Milestone: sage-duplicate/invalid/wontfix
Component: notebook Keywords:
Cc: Merged in:
Authors: Reviewers:
Report Upstream: N/A Work issues:
Branch: Commit:
Dependencies: Stopgaps:

Status badges

Description (last modified by was)

In the notebook, click "Data --> Upload or create file...", then edit the file to contain

Hi </textarea> foo bar 

Save it and re-open it. The foo bar is *outside* the text area! This is because this is rendered using the data/sage/html/notebook/download_or_delete_datafile.html template with this line in it:

    <textarea class="edit" name="textfield" rows=17 cols=70 
    id="textfield">{{ text_file_content }}</textarea>

Attachments (1)

trac_7497-escape_view_edit_attached.patch (1.1 KB) - added by mpatel 12 years ago.
Escape data file content placed in view/edit window. sagenb repo.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 12 years ago by was

  • Description modified (diff)

comment:2 Changed 12 years ago by mpatel

  • Report Upstream set to N/A

I think it's sufficient to replace {{ text_file_content }} with {{ text_file_content|e }} (cf. this).

Changed 12 years ago by mpatel

Escape data file content placed in view/edit window. sagenb repo.

comment:3 Changed 12 years ago by mpatel

  • Authors set to Mitesh Patel
  • Cc timdumol added
  • Status changed from new to needs_review

comment:4 Changed 12 years ago by mpatel

#7786's v8 should subsume this. If/when that ticket merges, please close this ticket.

comment:5 Changed 12 years ago by mpatel

  • Work issues set to Close with #7786

comment:6 Changed 12 years ago by timdumol

  • Authors Mitesh Patel deleted
  • Cc timdumol removed
  • Milestone changed from sage-4.3.1 to sage-duplicate/invalid/wontfix
  • Resolution set to duplicate
  • Status changed from needs_review to closed
  • Work issues Close with #7786 deleted

Works with sagenb-0.6.

Note: See TracTickets for help on using tickets.