Another attempt at fixing student_ans HTML escaping issues.
#1027
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
drgrice1
force-pushed
the
bugfix/protect-error-html-try-2
branch
from
bff3bb2 to
27e15c8
Compare
pstaabp
approved these changes
Mar 6, 2024
drgrice1
force-pushed
the
bugfix/protect-error-html-try-2
branch
from
27e15c8 to
08df9b9
Compare
This backs up one step from what was done in openwebwork#1004. Instead of calling `protectHTML` on `$ans->{student_ans}` in the `cmp_error` method, that is instead called in the `cmp_parse` method in the case that the `$ans->{student_value}` is undefined. With openwebwork#1004, if `student_value` was defined, and then a problem author calls `Value::Error` in a custom answer checker, it results in the `student_ans` being escaped twice because it is escaped in `cmp_parse` and then again after the custom answer checker is called. With this approach the `student_ans` is escaped when `cmp_parse` is called in either case regardless if if `student_value` is defined, and then not again later (if `student_value` is defined and thus the checker is called) This is also before the `format_matrix` method is called for array answers. This fixes an issue also caused by escaping those already HTML formatted answers. In that case the `student_ans` is completely redefined after this from the `student_formula`. With openwebwork#1004, the `student_ans` is first HTML formatted in this case, and then later escaped which results in an incorrect display. This of course still fixes the issue that openwebwork#1004 attempted to fix, because the `student_value` is not defined, and so the `protectHTML` now called in `cmp_parse` covers this case. I am sure that this is not the end of this issue, but is better than both before openwebwork#1004 and after. I think that something along the lines of @dpvc's suggestion in openwebwork#990 (comment) will be needed to fully resolve this issue. I suggest that rather than having `student_ans_text`, `student_ans_html`, `student_ans_latex`, and `preview_ans_text` as suggested there, we use `student_ans`, `preview_latex_string`, and `preview_text_string`. `student_ans` would always remain a text answer, and never be HTML formatted, `preview_ans_latex` would stay the same and be LaTeX, and `preview_text_string` would always be HTML. The naming is not the best since `preview_text_string` is actually HTML, but it is the closest to the current usage, and so would take the least work. Note that currently `preview_text_string` is not actually used for anything. Even though it is documented in `lib/AnswerHash.pm` as being what is supposed to be displayed for the preview. So this proposal just aligns that answer hash key with its intended use. Test cases: ``` DOCUMENT(); loadMacros('PGstandard.pl', 'PGML.pl'); Context('Matrix')->flags->set(requireConstantVectors => 1); Context()->variables->are(s => 'Real', t => 'Real'); $ans = Formula('s<1, 0> + t<0, 1>'); $ans_cmp = $ans->cmp( checker => sub { my ($c, $s, $self) = @_; Value::Error('Try again') unless $c == $s; return 1; } ); BEGIN_PGML Enter [`[$ans]`]: [_]{$ans_cmp} END_PGML ENDDOCUMENT(); ``` With this problem enter `<s,0>+t<0,1>`. Prior to openwebwork#1004 the first vector would disappear from the displayed answer because `student_ans` was not escaped. After openwebwork#1004 and still with this pull request this is displayed correctly. Also with this problem enter `s<1,0>+t<0,2>`. Prior to openwebwork#1004 this displayed correctly. With openwebwork#1004 it is displayed as `s*<1,0>+t*<0,2>`. With this pull request is is displayed correctly. ``` DOCUMENT(); loadMacros('PGstandard.pl', 'PGML.pl'); Context('Matrix'); $A = Matrix([ [ 1, 0 ], [ 0, -1 ] ]); BEGIN_PGML Enter the matrix [`[$A]`]: [_]*{$A} END_PGML ENDDOCUMENT(); ``` With this problem enter `S, -1, 1, 0` for the matrix entries. Prior to openwebwork#1004 this displayed correctly. With openwebwork#1004 this is escaped twice, and so you see the HTML code displayed. With this pull request this is again displayed correctly.
drgrice1
force-pushed
the
bugfix/protect-error-html-try-2
branch
from
08df9b9 to
74a0365
Compare
|
To my knowledge this was the last (most recent, not necessarily final) change that was made on this topic. My production server has this change. And yet we are seeing an HTML escaping issue in certain answers. I cannot reproduce it on develop, so I wanted to ask if off the top of your head, have there been other merged commits in the past week or two that would affect HTML escaping in student answers? What we are seeing is that with an answer blank where MathQuill is not in use (in our case, because |
|
Nevermind about my question, I found the issue. My production server still had the very firs attempt that we made about this, uncommitted, that was cooked up during a meeting when we first found this issue. I removed that and now things seem fine. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is to address issue #1021 and the display issue discovered in #990, that was not quite fixed in #1004. This backs up one step from what was done in #1004. Instead of calling
protectHTMLon$ans->{student_ans}in thecmp_errormethod, that is instead called in thecmp_parsemethod in the case that the$ans->{student_value}is undefined.With #1004, if
student_valuewas defined, and then a problem author callsValue::Errorin a custom answer checker, it results in thestudent_ansbeing escaped twice because it is escaped incmp_parseand then again after the custom answer checker is called. With this approach thestudent_ansis escaped whencmp_parseis called in either case regardless if ifstudent_valueis defined, and then not again later (ifstudent_valueis defined and thus the checker is called)This is also before the
format_matrixmethod is called for array answers. This fixes an issue also caused by escaping those already HTML formatted answers. In that case thestudent_ansis completely redefined after this from thestudent_formula. With #1004, thestudent_ansis first HTML formatted in this case, and then later escaped which results in an incorrect display.This of course still fixes the issue that #1004 attempted to fix, because the
student_valueis not defined, and so theprotectHTMLnow called incmp_parsecovers this case.I am sure that this is not the end of this issue, but is better than both before #1004 and after. I think that something along the lines of @dpvc's suggestion in #990 (comment) will be needed to fully resolve this issue. I suggest that rather than having
student_ans_text,student_ans_html,student_ans_latex, andpreview_ans_textas suggested there, we usestudent_ans,preview_latex_string, andpreview_text_string.student_answould always remain a text answer, and never be HTML formatted,preview_ans_latexwould stay the same and be LaTeX, andpreview_text_stringwould always be HTML. The naming is not the best sincepreview_text_stringis actually HTML, but it is the closest to the current usage, and so would take the least work. Note that currentlypreview_text_stringis not actually used for anything. Even though it is documented inlib/AnswerHash.pmas being what is supposed to be displayed for the preview. So this proposal just aligns that answer hash key with its intended use.Test cases:
With this problem enter
<s,0>+t<0,1>. Prior to #1004 the first vector would disappear from the displayed answer becausestudent_answas not escaped. After #1004 and still with this pull request this is displayed correctly.Also with this problem enter
s<1,0>+t<0,2>. Prior to #1004 this displayed correctly. With #1004 it is displayed ass*<1,0>+t*<0,2>. With this pull request is is displayed correctly.With this problem enter
S, -1, 1, 0for the matrix entries. Prior to #1004 this displayed correctly. With #1004 this is escaped twice, and so you see the HTML code displayed. With this pull request this is again displayed correctly.