Textile eats code in comments, even between "@"

std · 2005-12-17 20:49:49

When posting code in a comment, Textile deletes it instead of escaping the html-brackets!

Example:

<pre><code>@<html>@</code></pre> becomes

Even when posting this message I had to escape the < manually. This is so evil, I can’t believe that TXP 4 has such a serious bug!

I discoverd this problem only because php markdown stopped working in comments after the upgrade to TXP 4.

BTW: The forum search also seems to be buggy, any search with “code” does not bring any result.

zem · 2005-12-17 23:16:51

Comments use a restricted version of Textile. Code tags are excluded.

Mary · 2005-12-17 23:21:29

Even when posting this message I had to escape the < manually.

I didn’t: <html>

std · 2005-12-18 11:26:32

Comments use a restricted version of Textile. Code tags are excluded.

What sense makes the “@”-feature of textile, if code is deleted completely even between the “@”? I don’t get it…

Well, can anyone please tell me how to enable the code feature of Textile for comments? One of my sites is about Webdesign and CSS, so the comment function is completely useless for me if commenters aren’t able to post code!

Please help… BTW: I still cannot search for the phrase “code” in the forum. All I get is this message:

Your search returned no hits.

Sencer · 2005-12-18 18:45:31

What sense makes the ”@”-feature of textile, if code is deleted completely even between the ”@”? I don’t get it.

Apparently you don’t, but it has been explained above: It works the way you expect it to work in articles. However comments are handled differently, currently for security reasons. striptags() is used on comments, which removes all html-code – so this is not a “problem” with textile, but with how comments are handled.

If you want to change how comments are processed, I would suggest writing a plugin, that takes over how comments are handled. There is currently no easy and secure way to do what you want.

std · 2005-12-18 22:09:35

Thanks for the explanation, but I still don’t understand why posting code in comments should be disabled. The purpose of the feature to enclose code with “@” in order to post code is that Textile will replace all that dangerous HTML-brackets with the according HTML-Entity. Why is that dangerous? Of course, code outside of “@” has to be stripped.

Unfortunately, I’m not a php coder and not able to write the suggested plugin.

Sencer · 2005-12-19 08:30:31

The “@” is used for formatting and supressing textile, it is not specifically connected to html-tags. So in a way the problem is that what you want just hasn’t been done yet. Yes, if the code can be adapted such that what you want is possible, but if done badly, it could lead to XSS-Attacks. I am sure that at one point it will be looked at – if anybody is willing to help, you’re welcome. ;)

std · 2005-12-19 20:06:58

Well, I’d love to help in my spare time. I can contribute some html and css skills, if needed.

Thanks for all the explanations at the moment …

thesheep · 2006-03-01 11:46:24

Yes I had the same shock when I tried to quote an HTML tag in a comment (discussing HTML). It seems it is impossible to put these into comments.

truist · 2006-11-29 03:38:31

I’ve created a patch to 4.0.4 that ‘fixes’ this behavior. See my blog post for details.

Last edited by truist (2008-07-03 12:01:14)

Textpattern CMS

Textpattern CMS support forum

#1 2005-12-17 20:49:49

Textile eats code in comments, even between "@"

#2 2005-12-17 23:16:51

Re: Textile eats code in comments, even between "@"

#3 2005-12-17 23:21:29

Re: Textile eats code in comments, even between "@"

#4 2005-12-18 11:26:32

Re: Textile eats code in comments, even between "@"

#5 2005-12-18 18:45:31

Re: Textile eats code in comments, even between "@"

#6 2005-12-18 22:09:35

Re: Textile eats code in comments, even between "@"

#7 2005-12-19 08:30:31

Re: Textile eats code in comments, even between "@"

#8 2005-12-19 20:06:58

Re: Textile eats code in comments, even between "@"

#9 2006-03-01 11:46:24

Re: Textile eats code in comments, even between "@"

#10 2006-11-29 03:38:31

Re: Textile eats code in comments, even between "@"

Board footer