6.0.0-alpha12
6/12/25

[#10996] tooltips.js on from: generates HTML tags
Summary tooltips.js on from: generates HTML tags
Queue IMP
Queue Version 5.0.17
Type Bug
State Resolved
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester viktor (at) szepe (dot) net
Created 02/16/2012 (4865 days ago)
Due
Updated 02/17/2012 (4864 days ago)
Assigned
Resolved 02/16/2012 (4865 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
02/17/2012 04:38:40 PM Git Commit Comment #6
Changes have been made in Git (develop):

commit 38592a5a1b5632b790d323b96f61bf07155f64e0
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Wed Feb 15 23:04:08 2012 -0700

     Bug #10996: encode javascript tooltip

  imp/mailbox.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/38592a5a1b5632b790d323b96f61bf07155f64e0
02/16/2012 06:04:41 AM Michael Slusarz Assigned to Michael Slusarz
State ⇒ Resolved
Patch ⇒ No
 
02/16/2012 06:04:16 AM Git Commit Comment #5
Changes have been made in Git (master):

commit 38592a5a1b5632b790d323b96f61bf07155f64e0
Author: Michael M Slusarz <slusarz@horde.org>
Date:   Wed Feb 15 23:04:08 2012 -0700

     Bug #10996: encode javascript tooltip

  imp/mailbox.php |    2 +-
  1 files changed, 1 insertions(+), 1 deletions(-)

http://git.horde.org/horde-git/-/commit/38592a5a1b5632b790d323b96f61bf07155f64e0
02/16/2012 01:19:25 AM viktor (at) szepe (dot) net Comment #4
> No.  This breaks titles for those not viewing previews in tooltips
Yes. That is true.
I do not know Horde from inside.

02/16/2012 01:15:10 AM Michael Slusarz Comment #3
> it needs a double encoder in php
> imp/mailbox.php:855
> needs a htmlspecialchars around $msg['fullfrom']
No.  This breaks titles for those not viewing previews in tooltips
(which is pretty much everybody, since that option is disabled and
locked by default).
02/16/2012 12:42:06 AM viktor (at) szepe (dot) net Comment #2
it needs a double encoder in php
imp/mailbox.php:855
needs a htmlspecialchars around $msg['fullfrom']

$msg['from'] = Horde::link(IMP::composeLink(array(), array('actionID' 
=> 'mailto', 'thismailbox' => $ob['mailbox'], 'uid' => $ob['uid'], 
'mailto' => $getfrom['to'])), sprintf(_("New Message to %s"), 
htmlspecialchars($msg['fullfrom']) )) . $msg['from'] . '</a>';

02/16/2012 12:40:31 AM Michael Slusarz Priority ⇒ 1. Low
 
02/16/2012 12:34:56 AM viktor (at) szepe (dot) net Comment #1
Priority ⇒ 3. High
Type ⇒ Bug
Summary ⇒ tooltips.js on from: generates HTML tags
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ Yes
State ⇒ Unconfirmed
when js writes the email address enclosed in < and > into the tooltip 
div, it is rendered as an HTML tag: <name@email.tld>
result: not displaying the address in "New message to" tooltip
1 minute patch:
e.store('nicetitle', t.replace("<", "&lt;").replace(">", "&gt;"));
instead of
e.store('nicetitle', t);
it needs a complete HTML encoder in js OR a double encoder in php
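
The encoding trade-off debated in this ticket, as an added example that is not part of the ticket or of Horde's code. It models the two display paths (the browser's native title tooltip and a script-driven tooltip div) and compares the one-line patch with a complete encoder; all function names and the sample string are assumptions made for illustration.

```javascript
// Added illustration. All names are hypothetical, not Horde's tooltips.js API.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = Object.fromEntries(Object.entries(ENTITIES).map(([c, e]) => [e, c]));

// Complete encoder: the /g flag covers every occurrence, and '&' is included
// so text that already looks like an entity is shown literally.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// The "1 minute patch" from comment #1: a string pattern replaces only the
// first match, so a second address stays raw.
function quickPatch(t) {
  return t.replace("<", "&lt;").replace(">", "&gt;");
}

// Model of the HTML parser decoding an attribute value exactly once
// (limited to the five entities escapeHtml emits).
function decodeOnce(s) {
  return s.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => DECODE[e]);
}

// Text shown by the browser's built-in title tooltip.
function nativeTitle(attrSource) {
  return decodeOnce(attrSource);
}

// Markup a script-driven tooltip writes into its div. Assumption: the script
// reads the already-decoded title and inserts it as HTML.
function tooltipMarkup(attrSource, encodeAtSink) {
  const t = decodeOnce(attrSource);
  return encodeAtSink ? escapeHtml(t) : t;
}

// Constructed sample input.
const text = 'New Message to Alice <name@email.tld>, Bob <other@email.tld>';
const once = escapeHtml(text);   // server encodes once for the title attribute
const twice = escapeHtml(once);  // "double encoder in php"

console.log('native, single  :', nativeTitle(once));
console.log('native, double  :', nativeTitle(twice));
console.log('tooltip, raw    :', tooltipMarkup(once, false));
console.log('tooltip, encoded:', tooltipMarkup(once, true));
console.log('quick patch     :', quickPatch(text));
```

With double encoding the native title shows literal `&lt;` and `&gt;`, which is the breakage comment #3 describes. Encoding at the point where the script writes the div leaves the native title intact.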
