Commit 34b51dbf authored by Thomas Sibley's avatar Thomas Sibley
Browse files

Scrub HTML from the spreadsheet view of ticket searches

This prevents the web display parts of column map from leaking into the
spreadsheet, such as through custom fields.  However, multiple value CFs
are now output all run together instead of separated by "<br>" elements.
Whether this is an improvement or not depends on your point of view, but
it will be remedied to something saner in a following commit.

Any HTML entities are also decoded so that no HTML should be left.
parent ee2c9df0
......@@ -52,7 +52,11 @@ $OrderBy => 'id'
$Order => 'ASC'
$PreserveNewLines => 0
</%ARGS>
<%ONCE>
my $no_html = HTML::Scrubber->new( deny => '*' );
</%ONCE>
<%INIT>
require HTML::Entities;
$r->content_type('application/vnd.ms-excel');
......@@ -127,6 +131,8 @@ while (my $row = $Tickets->Next) {
# remove tabs from all field values, they screw up the tsv
$val = '' unless defined $val;
$val =~ s/(?:\n|\r)//g; $val =~ s{\t}{ }g;
$val = $no_html->scrub($val);
$val = HTML::Entities::decode_entities($val);
Encode::encode_utf8($val);
} @$col)."\n");
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment