publish() is sanitizing locale_html

RESOLVED WORKSFORME

Status

RESOLVED WORKSFORME
12 years ago
3 years ago

People

(Reporter: clouserw, Unassigned)

Tracking

Details

(Reporter)

Description

12 years ago
When a controller pushes addon (or really, any) data to the view, it's going through AppController::publish(), which is indiscriminate about what it sanitizes.  This means $var['Translation']['field']['locale_html'] is turning into, for example:

lang="en-US"

We should have it ignore $var['Translation']['field']['locale'] as well, so it doesn't encode dashes.
I think that would be fine.

Maybe we should have an array on the model that says which fields should be skipped for sanitization on the output?
(Reporter)

Updated

12 years ago
Assignee: nobody → clouserw
(Reporter)

Comment 2

12 years ago
r2987 has a quick fix for this so locale_html and locale aren't encoded.  I'm leaving this bug open because I think we need a more robust solution for this. 

We talked on IRC about redoing our sanitization method though, so I'm not sure where we're going yet.  Either way, we should look at this again in the near future.
Assignee: clouserw → nobody
Component: Add-ons → Public Pages
QA Contact: add-ons → web-ui

Updated

11 years ago
Target Milestone: --- → 4.0.1
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → WORKSFORME
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.