729153 - shutdownhtml and announcehtml need validation or preview

Status: NEW

(Bugzilla :: Administration, task)

Description

[Richard Lloyd]

Bugzilla's shutdownhtml and announcehtml text areas in Configuration -> General allow any raw HTML to be input without any preview or validation on them whatsoever. I accidentally typed a "<" instead of a ">" when closing a link (i.e. should have been </a> but was </a<) in an announcehtml message and I also forgot a </div> at the end of the message too :-(

This caused everything on all Bugzilla pages following the announcehtml message to stop rendering and also made it impossible to load the General page again to fix it (because the text areas wouldn't render)!

The kludgy workaround I did was to save the HTML of the General page, fix the message mistakes and then load the HTML from local filestore (I put a BASE HREF in the header to be safe), which allowed me to finally fix the message via a Web browser. Messy and I can't be the only one to have seen this problem :-(

Some HTML validation of the text areas would be nice, but I suspect even valid HTML could cause borking of the rendering of the rest of the page. What's needed is an intermediate preview page if anyone submits the General page with non-blank shutdownhtml/announcehtml text areas. If the preview gets borked, the admin user can just use click on Back in their browser, edit the text areas and try again.