Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rails 2.3.6 rails-footnotes links are falsely HTML-safe escaped #19

Closed
niksosf opened this issue May 24, 2010 · 17 comments
Closed

Rails 2.3.6 rails-footnotes links are falsely HTML-safe escaped #19

niksosf opened this issue May 24, 2010 · 17 comments
Labels

Comments

@niksosf
Copy link

niksosf commented May 24, 2010

Pretty much as title. In the simplest app where the version number in environment.rb is 2.3.6 will turn the links that appear in any error page into "<a href.... "

Changing it to 2.3.5 and it will be fine again.

@jasoncodes
Copy link

It looks like the backtrace is now HTML escaped in action_controller/templates/rescues/_trace.erb. And as it calls Array#join, using rails-xss and calling .html_safe in add_links_to_backtrace won't suffice.

Is there an easy way to override rescues/_trace.erb?

@niksosf
Copy link
Author

niksosf commented May 24, 2010

Adjustment to my original post:
Not all links in the error page become falsely escaped; Rails's own "Application Trace", "Full Trace', etc links are fine. Just the jump-to-textmate-generated-by-footnotes links are affected.

@Svelix
Copy link

Svelix commented May 27, 2010

Same Problem in 2.3.8

@niksosf
Copy link
Author

niksosf commented May 27, 2010

I confirm Svelix's finding.

@christian
Copy link

Yep. Same here

@alfuken
Copy link

alfuken commented Jun 16, 2010

I've got the same issue. Here's the temporary solution I've end up with: http://pastie.org/1006791

@trekd
Copy link

trekd commented Jul 1, 2010

Thanks it works great for me,

i've just completed the _trace.erb on the line 27 with a <br/>

<%= trace.join "
\n" %>

@pol
Copy link

pol commented Jul 15, 2010

This fix isn't working for me, it's like the template_path_for_local_rescue is never being called in my application_controller. Is it possible that the rails_footnotes rescue override is loading in on top of the one in my application controller? I am using gem bundler to manage loading gems in the rails app, perhaps that's the difference.

@wakiki
Copy link

wakiki commented Aug 7, 2010

Yes not working for me either - I'm using rails 2.3.8

This is the sort of output I get:

Application Trace | Framework Trace | Full Trace

/Users/Steve/work/swom/app/views/admin/people/_new_members.html.haml:8:in _run_haml_app47views47admin47people47_new_members46html46haml_locals_model_new_members_object'</a> <a href="txmt://open?url=file:///Users/Steve/work/swom/app/views/admin/models/index.html.haml&amp;line=28&amp;column=1">/Users/Steve/work/swom/app/views/admin/models/index.html.haml:28:in_run_haml_app47views47admin47models47index46html46haml'

@wakiki
Copy link

wakiki commented Aug 7, 2010

OK I fixed it by overriding the 'template_error' type in rescues as well. It all works now

@nowhereman
Copy link

Wakiki, can you post your fix here ?
Thanks !

@alfuken
Copy link

alfuken commented Aug 26, 2010

nowhereman: try to replace following line from my temporary fix posted above:

if rescue_templates[exception.class.name] == 'diagnostics'

replace with this:

if [ 'diagnostics', 'template_error' ].include? rescue_templates[exception.class.name]

Should work.

... and don't forget to copy/create/modify "template_error" template as well.

@nowhereman
Copy link

I've also copied "_request_and_response" template and I replaced
<%= render :file => @rescues_path["rescues/_request_and_response.erb"] %>
with
<%= render :file => "rescues/_request_and_response.erb" %>
in app/views/rescues/diagnostics.erb

And finally I replaced
<%= trace.join "\n" %>
with
<%= raw trace.join "\n" %>
in *app/views/rescues/_trace.erb *.
And it works !

@pol
Copy link

pol commented Aug 26, 2010

alfuken: where would the original template_error template be located? I used your pastie to do the other template, so I don't know where the source came from.

@nowhereman
Copy link

E.g. for Rails 2.3.8 on Ubuntu :
/var/lib/gems/1.8/gems/actionpack-2.3.8/lib/action_controller/templates/rescues

@ijcd
Copy link

ijcd commented Dec 15, 2010

I accomplished this in a simpler way. This solution works for all template types as well.

https://gist.github.com/741931

--Ian

@jasoncodes
Copy link

Based on ijcd's work I have created my own fork which fixes the broken backtrace links. You can use it with the following line in your Gemfile:

gem 'rails-footnotes', '3.6.7', :git => 'http://github.com/jasoncodes/rails-footnotes.git', :branch => 'rails2'

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests