Closed Bug 938109 Opened 11 years ago Closed 11 years ago

SOMETIMES %26 is decoded when tags have an "&" sign results in ineffectual search functionality

Categories

(Webmaker Graveyard :: webmaker.org, defect)

Product:
Webmaker Graveyard
Component:
webmaker.org
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: laura, Assigned: cade)

References

Details

Attachments

(2 files)

https://github.com/mozilla/thimble.webmaker.org/pull/287
56 bytes, text/x-github-pull-request
michiel
: review+
Details | Review
https://github.com/mozilla/popcorn.webmaker.org/pull/320
56 bytes, text/x-github-pull-request
michiel
: review+
Details | Review
I've been tagging /teach makes with WebLitStd competencies. I documented the procedure here: https://support.mozilla.org/en-US/kb/how-tag-webmaker-makes-web-literacy-standard for "Design & Accessibility" the tag is "design&accessibility", but when you use the "&" in the tag, it is decoded in %26. Clicking on the "design%26accessibility" tag results in an appropriate URL search (i.e. https://webmaker.org/en-US/search?type=tags&q=design&accessibility ) but the search bar shows only the first part of the tag (i.e. "design") (Screenshot, compare URL w/ our search bar: http://i.imgur.com/cwduoRc.png ) Also, the %26 is NOT decoded for "sharing&collaborating", that one decodes as "&" (i.e. identical to the tag), but the Search issue is the same. The easiest way to see all this weirdness is to look at the MozTeach search: https://webmaker.org/en-US/search?type=user&q=mozteach and pay attention to makes tagged with "design%26accessibility", "coding%26scripting" or "sharing&collaborating"
The issue here may be where the ampersand is being entered. i.e. in Thimble vs in the Make Editor I'll take a look.
Yeah, confirmed, adding a tag with an ampersand to the make using thimble's tag tools will cause it to be escaped before being saved to the MakeAPI. Not sure how we want to handle this, because we do want to escape user input from the app. Short term, add tags containing ampersands using the Admin tool.
Assignee: nobody → cade
Status: NEW → ASSIGNED
See Also: → 938209
The correct thing to do here is to ensure the data is correctly encoded for output wherever it's used. See also https://bugzilla.mozilla.org/show_bug.cgi?id=938209#c9
Comment on attachment 832274 [details] [review] https://github.com/mozilla/thimble.webmaker.org/pull/287 renders decoded HTML as text rather than as html. R+
Attachment #832274 - Flags: review?(jon) → review+
Comment on attachment 832328 [details] [review] https://github.com/mozilla/popcorn.webmaker.org/pull/320 renders decoded HTML as text rather than as html. R+
Attachment #832328 - Flags: review?(pomax) → review+
Production Popcorn Maker and Thimble now properly escape tags that are output in the UI. Laura: For security purposes we've had to disallow '&' from being included in tags. I would suggest using '-', or separate tags rather than compound ones. Work is still to be done to fix the tagging problems in thimble and popcorn arising from the way we've implemented tutorials.
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: