Bug
Resolution: Fixed
High
2.2.5
JTidy doesn't correctly parse balanced angle brackets inside XML comments (<!-- ... -->). Angle brackets should be allowed as literals in this case [1], but JTidy does not do this properly.
To replicate this, create a user macro with the following content:
<script>
<!--
if (4 < 5 && 3 > 2) alert("Oops.");
// -->
</script>
Include the user macro in a page, and export it to PDF. The part of the user macro following the greater-than sign is included in the PDF text.
The same bug exists for CDATA sections, and browsers do not seem to understand correctly-escaped JavaScript using &gt; and &lt;, at least in HTML 4.0 mode.
A workaround is to remove the greater-than sign (>) by using a negative condition.
if (4 < 5 && !(3 <= 2)) alert("Oops.");
This was identified by a plugin author attempting to put commented JavaScript in his Velocity template [2].
[1] http://www.w3.org/TR/REC-xml/#sec-comments
[2] http://forums.atlassian.com/thread.jspa?messageID=257229977
- causes: CONFSERVER-7250 SQL Macro adds extraneous javascript to PDF export (Closed)
- duplicates: CONFSERVER-6149 PDF and HTML script tag (Closed)
I have included a step in the wiki->html->(here)->fo->pdf process to strip out all html comments. This should have the effect that tidy doesn't get its grubby hands on the comments and try and format them "correctly", which should have the effect that javascript won't appear on the rendered pdf output.
I tested this with the suggested macro on this bug as well as some other "real" macros.
Committed for 2.4.4.
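The comment-stripping step described in the fix above, as an added Java example that is not Confluence's or JTidy's code. `stripComments` is the pre-tidy pass; `leakedText` is a deliberately naive scanner (an assumption standing in for the faulty parse, closing a tag at the first `>`) used only to show what would reach the output. Class and method names are hypothetical.

```java
import java.util.regex.Pattern;

public class StripCommentsBeforeTidy {
    // DOTALL lets a comment span lines; the reluctant .*? stops at the first "-->".
    private static final Pattern HTML_COMMENT = Pattern.compile("<!--.*?-->", Pattern.DOTALL);

    // Naive stand-in for the faulty parse (assumption, not JTidy code):
    // every '<' opens a tag and the next '>' closes it, even inside a comment.
    private static final Pattern NAIVE_TAG = Pattern.compile("<[^>]*>");

    /** The pre-tidy step: drop every <!-- ... --> block from the rendered HTML. */
    static String stripComments(String html) {
        return HTML_COMMENT.matcher(html).replaceAll("");
    }

    /** Text that the naive scanner would hand on to the PDF as page content. */
    static String leakedText(String html) {
        return NAIVE_TAG.matcher(html).replaceAll("").trim();
    }

    public static void main(String[] args) {
        // The user macro body from the report.
        String macro =
            "<script>\n<!--\nif (4 < 5 && 3 > 2) alert(\"Oops.\");\n// -->\n</script>";
        // The workaround from the report: no '>' inside the comment.
        String workaround =
            "<script>\n<!--\nif (4 < 5 && !(3 <= 2)) alert(\"Oops.\");\n// -->\n</script>";

        System.out.println("as reported : [" + leakedText(macro) + "]");
        System.out.println("workaround  : [" + leakedText(workaround) + "]");
        System.out.println("after strip : [" + leakedText(stripComments(macro)) + "]");
    }
}
```

An unterminated `<!--` with no closing `-->` is not matched by this pattern and would still reach the tidy step unchanged.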