[Closed] FEEDBACK ON BETA of v1.5.5

Printable View

Show 100 post(s) from this thread on one page

26 Feb 2016, 09:27 PM
lat9

Re: FEEDBACK ON BETA of v1.5.5

Proceeding on to the products' entry. I've got customers who use styling in their product names:

Code:

#Product Name

... which results in a preview display of that name as:

Code:

#Product Name

If it wasn't bad enough that the HTML is now displayed as (er) HTML, the processing has removed characters from the HTML itself! Clicking the "back" button from the preview keeps the malformed HTML.
26 Feb 2016, 11:27 PM
DrByte

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by lat9

Proceeding on to the products' entry. I've got customers who use styling in their product names:

Code:

#Product Name

... which results in a preview display of that name as:

Code:

#Product Name

If it wasn't bad enough that the HTML is now displayed as (er) HTML, the processing has removed characters from the HTML itself! Clicking the "back" button from the preview keeps the malformed HTML.

That's part of the admin sanitization improvements to mitigate against XSS.

Why exactly are they putting [span]s in the product name? Is this just to insert some icon?
26 Feb 2016, 11:38 PM
DrByte

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by lat9

Using a 155 version downloaded at around 2:20 pm EST today.

In the admin-console, with a two-language store (English and Spanish), there's a white-on-white component so that the selected language (while selected in the HTML) doesn't display the associated text. The <select> tag and its <option> tags are properly formed; it's an issue with the CSS (that I'm having trouble finding).

I can't seem to recreate this. Not finding any white-on-white.
27 Feb 2016, 02:44 AM
DrByte

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by lat9

The overall admin-page padding seems to be "off" (or non-existent). Take a look at the Customers->Orders page, for example:wacko::
- The buttons use the default colors.
- The text butts up to end-of-screen on both the right and left
- There is no padding/margin for the orders-status-history table
- There is no padding between the order totals text/value pairs

Padding issues addressed here: https://github.com/zencart/zencart/pull/848/files?w=0
27 Feb 2016, 02:32 PM
lat9

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by DrByte

That's part of the admin sanitization improvements to mitigate against XSS.

Why exactly are they putting [span]s in the product name? Is this just to insert some icon?

They're using the to have a different font for the hash-symbol.

The problem shows up also in the demo products (Test Examples->Test Three), as that product "demonstrates" the use of HTML tags in a product's name (uses and ). The only difference there is that the processing doesn't mangle the HTML associated with the product like it did the with HTML attributes).

To me, it seems like the mitigation is removing a feature that's been around from the get-go.
27 Feb 2016, 02:38 PM
lat9

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by DrByte

Padding issues addressed here: https://github.com/zencart/zencart/pull/848/files?w=0

That helped with the padding; the order-navigation buttons on the top of Customers->Orders still "leave a lot to be desired".
27 Feb 2016, 02:46 PM
lat9

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by DrByte

I can't seem to recreate this. Not finding any white-on-white.

The language-changer in the header's upper-left corner. It's only visible when multiple languages are defined in the store/admin.
27 Feb 2016, 04:05 PM
DrByte

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by lat9

That helped with the padding; the order-navigation buttons on the top of Customers->Orders still "leave a lot to be desired".

Lol ... those came directly from the Edit Orders mod.

Will have to look at those separately.
27 Feb 2016, 04:07 PM
DrByte

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by lat9

They're using the to have a different font for the hash-symbol.

This should help with that: https://github.com/zencart/zencart/pull/847

Quote:

Originally Posted by lat9

To me, it seems like the mitigation is removing a feature that's been around from the get-go.

Unfortunately security analysts would call it a flaw, not a feature.

Trying to find the balance ...
27 Feb 2016, 04:09 PM
DrByte

2 Attachment(s)

Re: FEEDBACK ON BETA of v1.5.5

Quote:

Originally Posted by lat9

The language-changer in the header's upper-left corner. It's only visible when multiple languages are defined in the store/admin.

I know what you're referring to.
I added another dummy language so that the box would show, and it shows up just fine:
Attachment 16073 Attachment 16074

Show 100 post(s) from this thread on one page