Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-16496

The help line text for custom BBcode could be wrongly displayed

    Details

      Description

      If you use some character - like <, > or " - in the help line text for a custom BBcode, the tooltip text displayed - when the mouse moves over its BBcode button - will be unreadable in the posting editor. See attached screenshots.

      The problem is due to that code in posting_buttons.html template file

      title="{{ custom_tags.BBCODE_HELPLINE|e('html_attr') }}"
      

      The escape ('html_attr') seems to useless and even counterproductive. Here is the HTML output for the help line texts of screenshots.

      title="Same&#x20;effect&#x20;as&#x20;&amp;lt&#x3B;del&amp;gt&#x3B;&#x20;or&#x20;&amp;lt&#x3B;s&amp;gt&#x3B;&#x20;HTML&#x20;tags"
       
      title="Same&#x20;effect&#x20;as&#x20;&amp;quot&#x3B;del&amp;quot&#x3B;&#x20;or&#x20;&amp;quot&#x3B;s&amp;quot&#x3B;&#x20;HTML&#x20;tags"

      A simpler title="{custom_tags.BBCODE_HELPLINE}" is enough. Here is the HTML output:

      title="Same effect as &lt;del&gt; or &lt;s&gt; HTML tags"
       
      title="Same effect as &quot;del&quot; or &quot;s&quot; HTML tags"
      

      <, > or " turn into to &lt;, &gt; or &quot;

      Therefore, there is no potential problem.

       

        Attachments

        1. screen1.png
          screen1.png
          48 kB
        2. screen2.png
          screen2.png
          48 kB

          Activity

            People

            • Assignee:
              Marc Marc
              Reporter:
              Big Monstro Big Monstro
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: