Using html entities such as greater than or less than <> not parsing as text

2 years 4 months ago #242844 by cheeseburger
Please help us help you and fill where relevant:
Your LimeSurvey version: 6.0.4+230427
Own server or LimeSurvey hosting: Own server
Survey theme/template: Extending Vanilla
==================
Hello, please see the screen shot below for reference. We are using a question of type "List (Dropdown)". Within its answer options, we have values such as "Burger > Pizza". When we save the question, the > symbol remains as typed. When we save and close the question, the symbol is converted to its html entity code. This code will then display within the LS control panel view and on the front end through the browser of the actual survey.

We tried to open the html editor window and tried through the source mode. It continues to convert back to the code. 

Thanks for any help. 

2 years 4 months ago - 2 years 4 months ago #242864 by DenisChenu
&gt; and &lt; are the html entities for > and <

It is shown as > and < in the survey.

Just preview question.

It's needed for XSS protection here.

[Edit] Seems there is an issue: please report with a sample survey. community.limesurvey.org/bug-tracker/

(sorry : don't read the  “on the front end through the browser of the actual survey” part)
 

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member. - Professional support - Plugins, theme and development .
I don't answer to private message.
Last edit: 2 years 4 months ago by DenisChenu.

2 years 4 months ago #242887 by cheeseburger
Hi. Similar to the bug I posted a couple of days ago, I still can't post bugs. If you would be interested, please feel free to post this bug also. It was noted that the other bug (a third bug) regarding us not being able to log into the bug tracker is also being worked on. Thank you for your help.

2 years 4 months ago #242992 by cheeseburger
Hi Denis, I wanted to follow up on this item: There is an outstanding bug that doesn't permit me to log in to the bug tracker. Tony had submitted my last bug on my behalf, would you be able to submit the bug in this thread for me? I apologize for any inconvenience but really appreciate the assist. Thank you!

2 years 4 months ago #242993 by DenisChenu
Can you send me the simple lss file with just one Single choice dropdown question?

You used 3.X before? I'd like to test if it's OK in 3.X or not.

2 years 4 months ago #242994 by tpartner
I cannot reproduce this problem in 6.0.5.

Can you attach a small sample .lss?

Cheers,
Tony Partner

Solutions, code and workarounds presented in these forums are given without any warranty, implied or otherwise.

2 years 4 months ago #243002 by cheeseburger
Denis/Tony - absolutely. Really appreciate you taking the time. Please see the attached. Thank you!

File Attachment:

File Name: GreaterTha...Than.lss
File Size:19.69 KB

2 years 4 months ago #243003 by cheeseburger
We will also update from 6.04 to 6.05 and see if the issue is no longer present. Thanks!
The following user(s) said Thank You: DenisChenu

2 years 4 months ago - 2 years 4 months ago #243011 by holch
Imported your survey in LS5 and it shows &gt; instead of >.

However, if I use > in the answer option, it just shows > like normal.

Help us to help you!
  • Provide your LS version and where it is installed (own server, uni/employer, SaaS hosting, etc.).
  • Always provide a LSS file (not LSQ or LSG).
Note: I answer at this forum in my spare time, I'm not a LimeSurvey GmbH employee.
Last edit: 2 years 4 months ago by holch.

2 years 4 months ago #243013 by holch
Now in LS6 something strange happens.

This is what I included to test:
 

And this is the result:
 

2 years 4 months ago #243015 by cheeseburger
Update: We updated LS to v6.05 and retried and the issue continues

Holch - yep, that's exactly our experience as well (as your screen shot shows).

Thanks everyone. Per Denis' post above, should we post to the bug tracker? If so, please would you mind posting on my behalf since I am not able to login to the bug tracker site.

Thanks!

2 years 4 months ago #243021 by DenisChenu

However, if I use > in the answer option, it just shows > like normal.
 
You can not use < or > in text if XSS is activated.

You need a non admin user with XSS activated to test.

I check with 3.X, 5.X and current master before reporting.

2 years 4 months ago #243036 by holch
XSS is not activated. Did you look at my screenshots and what is happening there? There is definitely something wrong.

The > that I put is showing in the question, the "<" doesn't (but is in the text, thus hasn't been filtered, because the XSS is not on, I am also Superadmin)

2 years 4 months ago - 2 years 4 months ago #243059 by DenisChenu

XSS is not activated. Did you look at my screenshots and what is happening there? There is definitely something wrong.

The > that I put is showing in the question, the "<" doesn't (but is in the text, thus hasn't been filtered, because the XSS is not on, I am also Superadmin)

 
yes : because XSS is not activated for you : < is not shown

The HTML is this one

<option>Choice 1 <</option>

I think you can play (as super admin) to put

Choice 1 </option> <option>Choice 2

in the same answer … and see something strange …

PS: I think we need XSS filtering for superadmin too … (by options)

Last edit: 2 years 4 months ago by DenisChenu.
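
The two behaviours discussed in the posts above, as an added example that is not part of the thread and not LimeSurvey code: answer text that shows a literal `&gt;` when it is entity-encoded twice, and answer text that splits one `<option>` into two when it is not encoded at all. The function names are hypothetical, and the assumption that encoding happens once on save and again on output is not confirmed by the thread.

```javascript
// Added illustration, not LimeSurvey code. All function names are hypothetical.

// Encode the characters that are significant in HTML text, in a single pass.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Decode those entities once, the way a browser does for text content.
// "&amp;" is handled last so "&amp;gt;" becomes the literal text "&gt;".
function decodeOnce(html) {
  return html
    .replace(/&lt;/g, '<').replace(/&gt;/g, '>')
    .replace(/&quot;/g, '"').replace(/&#39;/g, "'")
    .replace(/&amp;/g, '&');
}

// Unsafe rendering: the answer text is placed into the markup as-is.
function renderOptionRaw(answer) {
  return `<option>${answer}</option>`;
}

// Safe rendering: the answer text is encoded exactly once, at output time.
function renderOptionEncoded(answer) {
  return `<option>${escapeHtml(answer)}</option>`;
}

// Labels a respondent would see. A regex stands in for the browser's parser,
// which is enough for these well-formed samples but not for arbitrary HTML.
function visibleLabels(html) {
  return [...html.matchAll(/<option>(.*?)<\/option>/g)].map((m) => decodeOnce(m[1]));
}

// Constructed inputs based on the answer texts quoted in the thread.
const plain = 'Burger > Pizza';
const breakout = 'Choice 1 </option> <option>Choice 2';

// Case 1: encoded when saved (assumed) and encoded again when rendered.
const doubleEncoded = visibleLabels(renderOptionEncoded(escapeHtml(plain)));
// Case 2: stored as typed, encoded once when rendered.
const singleEncoded = visibleLabels(renderOptionEncoded(plain));
// Case 3: no encoding at all, so the answer text closes its own <option>.
const rawBreakout = visibleLabels(renderOptionRaw(breakout));
// Case 4: the same text encoded once stays a single option.
const encodedBreakout = visibleLabels(renderOptionEncoded(breakout));

console.log({ doubleEncoded, singleEncoded, rawBreakout, encodedBreakout });
```

Encoding once at output keeps a lone `>` or `<` readable and keeps the answer inside its own `<option>`; the visible entity only appears when an already-encoded value is encoded a second time.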

2 years 4 months ago #243118 by cheeseburger
Hi. To help with your analysis: I just temp deactivated XSS and it did allow the greater than and less than symbols to display properly. However in our org we are required to keep it on.

Is it possible to update LS so it permits lone symbols such as greater than and less than when not in the context of an actual tag?

Also, early in this thread it was confirmed to be a bug. Do we still see it as a bug? If so, could someone continue to post that in the tracker? I know we were headed that direction but the conversation broke off into a secondary topic. 

I'm asking so we know how to communicate to our client. If it's not considered a bug, we will have to have them find an alternative method to present the question. We currently have them doing the same while awaiting the previous bug fix for array type F questions. We just need to know what status to communicate to them and to know if alternative solutions need to be found for the two outstanding challenges (possibly bugs). 

Thanks! 
