Error in class name and unescaped output
Hi,
I'm in the process of migrating my sites from Joomla 1.0.13 to 1.5RC3 and I just tried Xmap as a replacement for Joomap (still incompatible).
I noticed a couple of bugs I hope you can fix in the next release of Xmap.
First, the class name for top level tags is "level_" instead of "level_0".
I inspected the code and saw that you actually pass an empty string to XmapHtml::getHtmlList as the third argument, hence the resulting wrong class name.
I think you should explicitly pass '0' or leave the argument empty (in this case, it must be the rightmost in the argument list, otherwise it cannot be omitted).
Second, you should properly escape the output when inserting strings from the database.
For ex., when you use $node->name when building the anchor tags you should always use the htmlspecialchars function to avoid invalid markup (I have some menu titles containing double quote characters).
I'd also like to suggest a few improvements to Xmap (sorry if I'm OT here).
First, please make it possible to deactivate the default stylesheet (I know I can simply comment or blank it out in the backend, but I also do not want it linked in the HTML header by default when showing the component).
Second, in case you rewrite Xmap for full compatibility with Joomla 1.5!, please consider adding full template support, so that all HTML output can be overridden (for ex., I'd like to be able to output the component title as a title instead of a tag).
Thanks for your attention.
Federico
- fedefil
- Fresh Boarder

- Posts: 3
- Joined: Thu Oct 18, 2007 12:59 pm
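An added example, not part of the original post and not Xmap's own code, showing both points from the post above in PHP: a level argument placed rightmost with a default of 0, and every database string passed through htmlspecialchars before it reaches the markup, which also stops a stored title from injecting its own attributes or tags. The function names, the node fields (name, link, children) and the use of a title attribute are assumptions, and the sample data is constructed.

```php
<?php
// Added illustration; not Xmap code. Function names and node fields
// (name, link, children) are hypothetical.

// Escape a database string for use in HTML text or in a quoted attribute.
function esc(string $s): string
{
    // ENT_QUOTES converts both " and ', so the value cannot close the attribute early.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// $level is the rightmost parameter and defaults to 0, so a caller that
// omits it gets class "level_0" rather than "level_".
function renderList(array $nodes, int $level = 0): string
{
    $html = '<ul class="level_' . $level . '">' . "\n";
    foreach ($nodes as $node) {
        $html .= '<li><a href="' . esc($node->link) . '" title="' . esc($node->name) . '">'
               . esc($node->name) . '</a>';
        if (!empty($node->children)) {
            // Nested lists get the next level number.
            $html .= "\n" . renderList($node->children, $level + 1);
        }
        $html .= "</li>\n";
    }
    return $html . "</ul>\n";
}

// Constructed sample data: titles containing double quotes and an ampersand.
$child = (object) [
    'name' => 'Q&A',
    'link' => 'index.php?option=com_faq&Itemid=7',
    'children' => [],
];
$top = (object) [
    'name' => 'The "Best" Products',
    'link' => 'index.php?option=com_content&view=article&id=3',
    'children' => [$child],
];

// Unescaped form, for comparison: the quotes in the title end the attribute early.
$unescaped = '<a href="' . $top->link . '" title="' . $top->name . '">' . $top->name . '</a>';

echo "Unescaped:\n", $unescaped, "\n\nEscaped:\n", renderList([$top]);
```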
Re:Error in class name and unescaped output
> First, the class name for top level tags is "level_" instead of "level_0".
This is already fixed on the development version. (To be released soon)
> Second, you should properly escape the output when inserting strings from the database.
Right! I will do it ;)!
> First, please make it possible to deactivate the default stylesheet (I know I can simply comment or blank it out in the backend, but I also do not want it linked in the HTML header by default when showing the component).
Yes, that's true! Added to "TODO list"!
> Second, in case you rewrite Xmap for full compatibility with Joomla 1.5!, please consider adding full template support, so that all HTML output can be overridden (for ex., I'd like to be able to output the component title as a title instead of a tag).
Ok, I'm going to have that in mind!
> Thanks for your attention.
Thank you for your comments!
- guilleva
- Administrator

- Posts: 1517
- Joined: Wed Sep 12, 2007 3:10 am
- Location: San José, Costa Rica
Re:Error in class name and unescaped output
Proper output escaping still missing in 1.0.4.
- fedefil
- Fresh Boarder

- Posts: 3
- Joined: Thu Oct 18, 2007 12:59 pm