User story #2947
closed
A special textarea-type field should exist for the Techniques that automatically escapes some characters
Added by Matthieu CERDA over 11 years ago. Updated about 9 years ago.
Description
A special textarea-type field should exist for the Techniques that automatically escapes some characters, in order not to create broken CFEngine promises :p
For example, this text:
Blah blah blah blah "blah" blah
would break because of the unescaped double quotes of "blah"...
The ideal would be a textarea that saves the text with escaped quotes and displays it without the escapes. (a "translation filter" or something like that.)
Updated by François ARMAND over 11 years ago
- Assignee changed from François ARMAND to Nicolas CHARLES
Nicolas, please could you specify exactly:
- what should go in LDAP (escaped version ?)
- what chars (and how) should be escaped ?
- what the user see when he edit again an escaped string ?
Updated by Jonathan CLARKE over 11 years ago
François ARMAND wrote:
I can't answer all the questions, but I have some clues:Nicolas, please could you specify exactly:
- what should go in LDAP (escaped version ?)
- what chars (and how) should be escaped ?
- what the user see when he edit again an escaped string ?
- The user must see exactly what he typed in. If he enters """The cat said "hi" then left""", he should see just that, no escapes.
- The information should arrive in CFEngine with escaped around the double quote character. I don't know about other chars to be escaped.
Updated by Jonathan CLARKE over 11 years ago
Oh, and an escaped " in CFEngine is \".
Updated by Nicolas CHARLES over 11 years ago
It's important that what the user types is what is gets back when opening the form again
I strongly advice that the escaped version is stored in the LDAP, for two reasons :- advanced users will be able to debug by looking at the content of the ldap
- it avoids the need of migration scripts : if users where used to escaping their stuff, then it will be handled nicely.
The only char to escape is (so far) the " to be escaped as a \"
Updated by François ARMAND over 11 years ago
Is this really a user-story, and not a bug of our current implementation ? It seems that what can cause CFEngine to fail should be filtered upfront, no ?
More specifically, is there a case where we don't want to escape chars ? And if so, isn't that "raw" field the special case, not the other way around ?
Nicolas CHARLES wrote:
It's important that what the user types is what is gets back when opening the form again
I strongly advice that the escaped version is stored in the LDAP, for two reasons :
- advanced users will be able to debug by looking at the content of the ldap
- it avoids the need of migration scripts : if users where used to escaping their stuff, then it will be handled nicely.
The only char to escape is (so far) the " to be escaped as a \"
Are we sure that the escaping function is a bijection so that all escaped sentence point back to exactly one not escaped one (what is required if we want to be able to display back to the user what he wrote even if we store the escaped sentence in LDAP) ?
Updated by Nicolas CHARLES over 11 years ago
François ARMAND wrote:
Is this really a user-story, and not a bug of our current implementation ? It seems that what can cause CFEngine to fail should be filtered upfront, no ?
It's a kind of limitation which can be considered a bug
More specifically, is there a case where we don't want to escape chars ? And if so, isn't that "raw" field the special case, not the other way around ?
There is only one situation where we'd want to avoid escaping : when filling external files that are not promises (like when using CDP, or template files). We have only filesPermissions and processManagement in this situation
So it should be the norm, and the non-escape the exception
Nicolas CHARLES wrote:
It's important that what the user types is what is gets back when opening the form again
I strongly advice that the escaped version is stored in the LDAP, for two reasons :
- advanced users will be able to debug by looking at the content of the ldap
- it avoids the need of migration scripts : if users where used to escaping their stuff, then it will be handled nicely.
The only char to escape is (so far) the " to be escaped as a \"
Are we sure that the escaping function is a bijection so that all escaped sentence point back to exactly one not escaped one (what is required if we want to be able to display back to the user what he wrote even if we store the escaped sentence in LDAP) ?
I can't see how something that does " => \" and \" => " would not by a bijection (at least, when we start with valid data). If someone inserts broken data in the LDAP, and we have unescaped " there, problem will arise.
But in this case, generated promises are also invalid
Updated by Nicolas CHARLES over 11 years ago
I've done further checks.
\ and \\ are considered the same by CFEngine
\t or \n are not escape charactrers
but
\\"is not valid as it is considered as a \ then a "
So we should probably escape the \ also to be on the safe side.
Note : it may have an impact on reporting, as it would change the string in the report key, and we'd have to check how it would be handled by rsyslog and postgres
Updated by Jonathan CLARKE over 11 years ago
- Target version changed from 2.5.0~beta1 to 2.5.0~rc1
Updated by Nicolas CHARLES over 11 years ago
When this will be implemented, we should probably alter what was done there : http://www.rudder-project.org/redmine/issues/3160
Updated by Nicolas CHARLES over 11 years ago
- Target version changed from 2.5.0~rc1 to 2.6.0~beta1
This won't be done in 2.5
Updated by Nicolas CHARLES about 11 years ago
The default will be to have the text automatically escaped, and a new contraint RAW will be created, for text that should no be escaped
How the escaping should be :
\ -> \\
" -> \"
The escaping will be done in cf-clerk
Updated by Matthieu CERDA about 11 years ago
- Status changed from 13 to 12
- Assignee changed from Nicolas CHARLES to Matthieu CERDA
Every ticket has been completed, merge has begun.
Updated by Matthieu CERDA about 11 years ago
- Status changed from 12 to Pending release
Merge complete.
Updated by Jonathan CLARKE about 11 years ago
- Status changed from Pending release to Released
This ticket has been addressed in version 2.6.0~beta1 of Rudder, which has just been released. Please see the changelog here: https://www.rudder-project.org/foswiki/System/Documentation:ChangeLog26.
Updated by Benoît PECCATTE about 9 years ago
- Category changed from 14 to Web - Config management