On 03/05/2010 04:30 PM, Joel Forsberg wrote:
> On Friday 05 March 2010 15:06:34 Sergiu Dumitriu wrote:
> <snipped>
>> {pre}{/pre} prevents re-rendering the content.
>>
>> The result with this is:
>>
>> A damn
>> ----
>> ruler
>>
>> Which again is a bit wrong, but this is a bug in the core, it always
>> assumes that the content that it got from the title field is
>> velocity+HTML, even if the page is in xwiki/2.0 syntax.
>
> Do you happen to know the JIRA ticket for this bug? (if there is one?)

There isn't one AFAIK.

> The {pre} seems to dodge some of the unwanted effects, but in turn makes
> further editing the script difficult. Next time I edit, the {pre} seems to have
> disappeared, instead leaving a <p>-tag artifact depending on circumstances.

Yes, that's another bug in the 1.0 renderer, one which can't be easily 
avoided: the panel display itself is in a 1.0 document, which sees the 
{pre} and "uses" it. As a workaround, you can edit the panel using the 
object editor.

>> CrossSiteScripting example: <script>alert('I pwnd U')</script>
>> => bad, bad, bad
> That is exactly what I would like to avoid, hehe. :)
>
> Kind regards, Joel


-- 
Sergiu Dumitriu
http://purl.org/net/sergiu/
_______________________________________________
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
