I took a look at the builds Dave had pointed me to earlier this
week. I haven't had a chance to check 3.1 but here are a few notes from
2.3.1 and 3.0.1. This is mainly around testing the submission of comments.
-----------
2.3.1 Notes
-----------
1. Still an issue where you can break out of the <textarea> of the
comment form when the comments value is populated during a preview. I
stated with a new weblog and left all default settings in place.
The file ./WEB-INF/classes/comments.vm needs an HTML escape added to the
following line.
<textarea name="content" cols="50" rows="10">$commentForm.content</textarea>
-----------
3.0.1 Notes
-----------
1. In the file ./WEB-INF/velocity/weblog.vm instances of
"$utilities.escapeHTML($cform.name)" should be
"$utils.escapeHTML($cform.name)" instead. Namely the code for populating
the name, email and URL fields of the comments form.
2. I have seen cases on blogs.sun.com where, if a user has customized a
theme from an older version (assuming 2.x) their theme can be locked
into using ./WEB-INF/velocity/deprecated/comments.vm. That being the
case, the issue above reported against 2.3.1 should be applied to the
"deprecated" version of comments.vm.
--
Matthew Montgomery
.Sun Engineering
Sun Microsystems, Inc.
