MyBB Community Forums

Full Version: Quick Editing in a MyCode that contains a <script> breaks editing
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
When using Quick Edit JEditable inserts the JSON the server returns into the post upon saving before MyBB's javascript interprets it and adds only the relevant bit. If said JSON includes a <script> tag (most likely because of a MyCode), the browser will try to interpret the rest of the JSON as javascript (because </script> gets escaped as <\/script> which isn't a valid closing tag) which results in a syntax error, interrupting MyBB's javascript and showing the user a rather messed up post.

I got around it with a quick-and-dirty try catch in jeditable.min.js around $(self).html(result);, but perhaps the line could be removed entirely.
I'm not sure where the script tag should come from. There's no default bbcode which uses it. But IIRC an issue with quick edit escaping has been fixed lately.
I can confirm in 1.8.5. And i think quick reply issue is caused by the same thing.
Have you checked it in 1.8.6 too? As mentioned I remember that something with escaping has been fixed there already. Not 100% sure though.
It's discussed internally and will most likely be fixed in 1.8.6 if we find a solution, so marking as pushed.