Welcome, Guest. Please Login
Tinderbox
  News:
IMPORTANT MESSAGE! This forum has now been replaced by a new forum at http://forum.eastgate.com and no further posting or member registration is allowed. The forum is still accessible via read-only access for reference purposes. If you wish to discuss content here, please use the new forum. N.B. - posting in the new forum requires a fresh registration in the new forum (sorry - member data can't be ported).
  HomeHelpSearchLogin  
 
Pages: 1
Send Topic Print
html comments and entities (Read 5420 times)
Richard Bullen
Full Member
*
Offline



Posts: 27

html comments and entities
Mar 17th, 2010, 3:20am
 
I'm sending notes from TB to Expression Engine.
If there are any html comments in the note they being converted to entities, or at least the < and >.
This results in comments appearing on the page.

When I look at the export from TB in the "html view" the inequality signs (do they have an html name?) behave as expected.
However, the same information appears in Expression Engine with entities replacing the characters.

Within TB I have
html entities set to false
html markup text set to false

Clearly the problem could be at either end of the pipe but does anyone have any suggestions on anything else I can do in TB to help solve this problem, short of leaving out the comments, which I don't want to do.

Thanks.
Back to top
 
 
  IP Logged
Mark Anderson
YaBB Administrator
*
Offline

User - not staff!

Posts: 5689
Southsea, UK
Re: html comments and entities
Reply #1 - Mar 17th, 2010, 5:29am
 
I'd certainly check with EE's support that it isn't entifying angle bracket (< and >) characters at ingest. It may well do so as anti-XSS protection. If support can't help, try ingesting a manually created page and see if comments in that ingest OK.

Without knowing the EE side, chances are there's nothing that can be fixed this end - there's no point changing encoding if something else is going to undo that further down the line.

How are you getting from TB to EE? Via static export and upload, or 'note -> Post to weblog?
Back to top
 
 

--
Mark Anderson
TB user and Wiki Gardener
aTbRef v6
(TB consulting - email me)
WWW shoantel   IP Logged
Mark Bernstein
YaBB Administrator
*
Offline

designer of
Tinderbox

Posts: 2871
Eastgate Systems, Inc.
Re: html comments and entities
Reply #2 - Mar 17th, 2010, 10:15am
 
Are you doing an HTML export and uploading files, or are you using the Blogger API to talk to Expression Engine?
Back to top
 
 
WWW   IP Logged
Richard Bullen
Full Member
*
Offline



Posts: 27

Re: html comments and entities
Reply #3 - Mar 17th, 2010, 11:06am
 
in reply to both questions the transfer is made via the "Post to weblog" menu option.


What does "anti - XSS" refer to?


Thanks
Back to top
 
 
  IP Logged
Mark Anderson
YaBB Administrator
*
Offline

User - not staff!

Posts: 5689
Southsea, UK
Re: html comments and entities
Reply #4 - Mar 17th, 2010, 11:29am
 
XSS = Cross site scripting

Can't shed any insight on the 'Post to weblog' side as it's a closed process, so you might to best to talk directly to support.
Back to top
 
 

--
Mark Anderson
TB user and Wiki Gardener
aTbRef v6
(TB consulting - email me)
WWW shoantel   IP Logged
Mark Bernstein
YaBB Administrator
*
Offline

designer of
Tinderbox

Posts: 2871
Eastgate Systems, Inc.
Re: html comments and entities
Reply #5 - Mar 17th, 2010, 12:19pm
 
I *think* Tinderbox is doing the right thing and converting < and > to entities; they can't be left unencoded within the XML-RPC code. Expression engine should presumably interpret the entities, but it may be refusing to do so.

One reason for the reluctance -- this is what Mark Anderson was getting at -- is that it's a potential security issue. If you can embed arbitrary HTML inside (say) a forum post, then that HTML might do nefarious things. That's why many systems won't upload HTML per se -- a comment is safe, but a <script> might not be!
Back to top
 
 
WWW   IP Logged
Richard Bullen
Full Member
*
Offline



Posts: 27

Re: html comments and entities
Reply #6 - Mar 17th, 2010, 12:37pm
 
Thanks for the additional insights.

I did a cut and paste experiment and the result was that the transfer worked without any problems.

So I would guess the problem is occurring at the EE end of the transfer.
Back to top
 
 
  IP Logged
Pages: 1
Send Topic Print