This has multiple consequences, depending on your perspective.
So, I created a dropdown with both raw HTML and bbcode in it, as I couldn't remember whether it allowed either or neither or what. bbcode is unparsed, understandably.
Now, raw HTML is not supported as such. I'm willing to take it that this is a security measure, because the way it is implemented, the value is stored as-is in the DB and displayed without further processing later on. So it would be a security issue to just accept and handle raw HTML there, and naturally it is htmlspecialchars'ified before use.
This leads us to the interesting situation where inside the dropdown, the htmlspecialchars'ified text will be rendered as HTML inside the selectbox.
Which means there's one bug, in that the content isn't twice-parsed.
There is a separate side bug related to the selectbox. I have a piece of text with an image that's substantially bigger than a single line of text. It was the first image at hand, and was 40x40. When the selectbox is expanded, it is displayed normally. But when closed and it is the selected item, something else happens entirely. See attached. The picture shows both the expanded behaviour and the unexpanded behaviour (i.e. it doesn't change height, and the text is base-line aligned, so the text is actually out of sight)
I'm not sure what *should* be the ideal behaviour here, though.
So, I created a dropdown with both raw HTML and bbcode in it, as I couldn't remember whether it allowed either or neither or what. bbcode is unparsed, understandably.
Now, raw HTML is not supported as such. I'm willing to take it that this is a security measure, because the way it is implemented, the value is stored as-is in the DB and displayed without further processing later on. So it would be a security issue to just accept and handle raw HTML there, and naturally it is htmlspecialchars'ified before use.
This leads us to the interesting situation where inside the dropdown, the htmlspecialchars'ified text will be rendered as HTML inside the selectbox.
Which means there's one bug, in that the content isn't twice-parsed.
There is a separate side bug related to the selectbox. I have a piece of text with an image that's substantially bigger than a single line of text. It was the first image at hand, and was 40x40. When the selectbox is expanded, it is displayed normally. But when closed and it is the selected item, something else happens entirely. See attached. The picture shows both the expanded behaviour and the unexpanded behaviour (i.e. it doesn't change height, and the text is base-line aligned, so the text is actually out of sight)
I'm not sure what *should* be the ideal behaviour here, though.
