Problem/Motivation
I just posted a response to a user. In it, I used PHP tags, with the following code inside (I'm not wrapping this in PHP tags, as that's where the problem arose):
return '<p>' . $result . '</p>';
However, the resulting code block looked like this:
return '' . $result . '';
For some reason, even though the p tags were in a PHP block, they were stripped out of the PHP block.
I fixed it by using the HTML entity for the opening < character in each P tag. But of course, this solution will not work for most users.
Proposed resolution
TBD
Remaining tasks
- Write tests
- Fix
Comments
Comment #2
jaypanComment #3
drummLet’s revisit this after #2578695: Use CKEditor on *.drupal.org sites
Comment #4
drummComment #5
drummDrupal.org currently processes autop before codefilter, that is likely to flip around with #2136887: Process code filter before line breaking. Both orderings look like they behave the same way.
<p>tags within<code>, inline or multiline, remain intact.The problem is:
For example:
Comment #6
cameron tod commentedThis appears to be a bug with Prism. I have fiddled around quite a bit but it seems like prism just doesn't know how to parse these kinds of strings.
There's a bit of noise about this upstream:
https://github.com/PrismJS/prism/issues/887
http://prismjs.com/plugins/unescaped-markup/
Comment #7
drummIt looks like codefilter does the escaping for
<code>tags before they get to Prism. I think<?phpshould behave the same way.Comment #8
drummAnd this effects all tags as far as I can tell, so all
<and probably&/etc. should be escaped.Comment #9
joelpittetI'm seeing this too: Check out the almost useless change record because the inner HTML being stripped.
https://www.drupal.org/node/2392803
Comment #10
joelpittetLooking at the HTML output it doesn't look to be an issue with PrismJS in the change record in #9. The markup is filtered before it hits the JS plugin.
Comment #11
jaypanI've been manually escaping the opening HTML tag when posting code on the site, so that the tags appear. It works, but of course once this bug is fixed, those are not going to show up as the escaped code, making the code unhelpful/unusable for people who come across it after that. And on that same note, I've seen plenty of old posts from before this bug, that have missing code just like in that change record.
Personally, I think this bug should have been given high priority and fixed months ago - this is a site built around a downloadable codebase, and the code to post code on the site doesn't work. Seems like a fairly major issue to me.
Comment #12
cameron tod commentedComment #13
cameron tod commentedComment #14
tr commentedThis is still a problem for drupal.org.
I just encountered one of my (still open) core Drupal bug reports from two years ago, where the significant parts of my post were lost because of this change in filter. This is the same as what happened to the change notice that @joelpittet mentioned in #9 (which is still as broken as it was last year when he mentioned it).
So we're losing good content here, and it's been that way for more than a year. It's not so much an issue for new content, assuming the poster uses the preview and proofreads the post... But there's a lot of old content out there, documentation pages, issues, etc. which were retroactively broken by this.
EDIT: After reading #11, I realize it IS also a problem for new content - we now have over a year's worth of new content where the content was potentially escaped manually within a <?php block - this new content will now be broken if this issue is fixed. Personally, I plan to use a <code> block instead of escaping stuff within <?php.
@Cameron Tod: You assigned this to yourself - are you working on it still?
Comment #15
cameron tod commentedI'm not actively working on it. Patches are welcome. I can add it to my queue of things to do but its sadly pretty long right now :/
Comment #16
cameron tod commentedComment #17
joelpittetComment #18
joelpittetThe code doesn't need to be decoded in prism, which further filters are stripping the p tags and potentially other tags.
Added to and fixed the tests.
Comment #19
joelpittetHere's an demo of this patch implemented:
https://codefilter-drupal.dev.devdrupal.org/node/2911176#comment-12270626
Comment #20
drummLooks good to me, same solution as #2694791: <code><em>HTML in code</em></code> is not properly escaped with Prism
Comment #21
drummDeployed to Drupal.org:
I haven’t cleared the field cache since I expect another deployment will get it in the next day or two, so existing content won’t be updated immediately.
Comment #22
jaypanI doubt it's possible, but while this bug has been in existence, I've gone in and manually HTML encoded the < sign in some of my posts, so that the HTML was displayed. Any chance of a search and replace on this?
Comment #23
drummNot likely, figuring out what was intended to be encoded or not is beyond what a straightforward search and replace can do.
Comment #24
tr commentedNote, the patch in #18 was deployed on Drupal.org two months ago, and has fixed the issue there.
It should be committed to this project so other users of this module get the same benefit!
Comment #25
joelpittetI've committed and pushed it to the -dev branch.