Important Major problems with Kunena 1.5 and the Tidy extension

Preface: I have no idea what happened on my server to enable the Tidy extension. I thought everything was working fine but now I'm seeing bizarre, show-stopping problems with my forum. So far all the problems have traced back to Tidy.

Original problem: HTML Tidy breaks com_kunena/lib/kunena.bbcode.js.php

Or, rather, com_kunena/lib/kunena.bbcode.js.php has a bug that causes undesired behavior when the output is filtered through HTML Tidy.

In the colorPalette() function that starts on line 82 there are several document.write() calls that write HTML end tags starting on line 102: Per the HTML spec , you can't do that in an embedded script. Browsers will tolerate it but when Tidy sees it Tidy will interpret the tags as actual HTML tags, not as JavaScript string literals. Tidy will insert "</script></form>" in an attempt to clean up the code but of course that causes the remainder of the script to be spit out onto the page.

The close tags must all be escaped, like this: I'm really, really surprised that nobody noticed this before. :huh:

Next problem: Editing a forum post doesn't work. The JavaScript call that actually submits the edit form throws an error "document.postform.fb_authorname is undefined".

On closer examination this again due to a bug that browsers will tolerate but Tidy won't.

From com_kunena/template/default/post.php, line 789: What's wrong with this picture? Look at the form tag, it's empty! Probably a typo by somebody who was getting carried away with <br /> and <input />. A browser will figure out that you probably didn't mean to do that and treat the tag as <form> and not <form />. But Tidy will translate "<form />" into "<form></form>" and now the browser can't ignore it. The form is now undeniably empty so of course the "fb_authorname" property is undefined.

Just delete one character from line 789, like this:
Getting a little worried here. I suppose I can just go disable the Tidy extension but I'm more concerned about what other bugs are waiting to bite me.

andrew.mcconnell wrote: The close tags must all be escaped, like this:

Code:

document.writeln('<\/td>'); } if (dir == 'v') {document.writeln('<\/tr>');} } if (dir == 'h') {document.writeln('<\/tr>');} } document.writeln('<\/table>'); }

I'm really, really surprised that nobody noticed this before. :huh:

Very interesting. It looks like you've stumbled upon a feature of modern web browsers that allow a lot of latitude for "poorly-written" Javascript. I agree that, in order to strictly adhere to SGML that Javascript strings involving a right-slanting solidus character (i.e. "/") should escape that character. But, really, I don't think most people get too fussed these days about compliance with SGML.

If I understand you correctly, you have a tool/plugin that generates "tidy" HTML. What purpose does this serve?

HTML Tidy is a developer's tool. It allows developers to check if their HTML is "clean". These things may be useful to know down-track. Thank you for your suggestions. I'll pass them along to the development team for comment.

First of all thank you for reporting these issues.

While we don't recommend running any sort of HTML Tidy module/plugin on a production server, these are valuable fixes that will improve how Kunena works overall.

Without the Tidy - none of our users will ever see those or will have issues with them.

For Kunena 1.6 we spent a lot more time on making sure our code is up to certain standards. For example when we switched to Zend Studio as the development environment we enabled code quality parsing for php, html, css and js and fixed over 2000+ issues that would have never been caught in earlier versions of Kunena. We still might have missed a few things here and there, but overall the quality of code in K1.6 is way better than any prior release of Kunena or even worse FireBoard & Co.

Any help and input you can provide on these issues as they pertain to Kunena 1.6 would be extremely helpful.

For Kunena 1.5 we do have a branch with fixes that these should get added to too.

Tidy is part of an output filter in the patTemplate library which Kunena 1.5 uses for templating. While it's not typically turned on (and I don't quite know how mine got turned on, or how to turn it off) it's still part of the Joomla 1.5 core code and not a third-party tool or plugin.

But beyond Tidy these bugs are still bugs that would break HTML validation of forum pages. I appreciate that efforts are focused on Kunena 1.6 right now, but just FYI, these issues would be lurking in a vanilla Kunena 1.5 install, not some weird hacked-up version.

Kunena 1.6 looks really great. The site I'm working on now launches next week so I can't upgrade just yet but I'm putting it on my list for the next round of features. Thanks for all your hard work!