What is the purpose/use of the "Description" field when adding a page?
Permalink
Hi all,
I'm just curious (and, perhaps, a little stupid): what's the purpose of the "Description" field that is presented when adding a new page? What is it used for in the system?
I'm looking at Composer as a possible interface for a friends website with a Blog... and Composer shows the "Description" field as "Short Description". But if you're using the Page_List with the "Blog Index" custom template, the description isn't used.
So if Description doesn't have some system-wide use/meaning, I'd love to be able to remove it from the Composer "Write" screen.
If I'm going to get yelled at for being stupid... I'll just tell my friend to forget that field when writing new blogs. LOL!
Thanks!
- John
I'm just curious (and, perhaps, a little stupid): what's the purpose of the "Description" field that is presented when adding a new page? What is it used for in the system?
I'm looking at Composer as a possible interface for a friends website with a Blog... and Composer shows the "Description" field as "Short Description". But if you're using the Page_List with the "Blog Index" custom template, the description isn't used.
So if Description doesn't have some system-wide use/meaning, I'd love to be able to remove it from the Composer "Write" screen.
If I'm going to get yelled at for being stupid... I'll just tell my friend to forget that field when writing new blogs. LOL!
Thanks!
- John
it shows up when you're using the page list block as the paragraph under the title. It impacts searching. It is typically used as a meta description in themes if you don't also provide a meta description as a custom attribute (although that's kinda up to the theme).
Other blocks from the marketplace may use it for display purposes too.
Other blocks from the marketplace may use it for display purposes too.
Ah. OK. That makes sense. Thanks, Franz!
The page list block doesn't seem to have the ability to use html character entities like ampersand and quote marks. I am using a page list now and the block is spitting out "&" and similar html code for quotation marks. Any idea how to fix this?
Override the page list template by copying /concrete/blocks/page_list/view.php to /blocks/page_list/view.php, then comment out line #20:
// $description = $th->entities($description);
thanks, I actually figured it out at the exact time you posted this. I wonder why that's in the template... any idea why anyone would ever want to spit out html codes instead of ampersands and quotation marks?
For security reasons, you should *always* escape user input -- otherwise you're susceptible to Cross-Site Scripting (XSS) attacks.
You are taking a risk (albeit a very small one) by *not* escaping this in your situation. I do this too sometimes, so I'm not saying it's a bad idea necessarily. But it's absolutely necessary for the default behaviour of a system like Concrete5 that is used by many many people (most of whom aren't programmers and don't understand how this stuff works).
You are taking a risk (albeit a very small one) by *not* escaping this in your situation. I do this too sometimes, so I'm not saying it's a bad idea necessarily. But it's absolutely necessary for the default behaviour of a system like Concrete5 that is used by many many people (most of whom aren't programmers and don't understand how this stuff works).
Ah! Thank you for the explanation.
Is there no better way to spit out the description WITH special characters, then? If this is not really a safe way to do it, then... Well, i guess if it could be done, it would be done by default. Seems odd that it can't be done without putting a security hole in there.
Is there no better way to spit out the description WITH special characters, then? If this is not really a safe way to do it, then... Well, i guess if it could be done, it would be done by default. Seems odd that it can't be done without putting a security hole in there.
You know, I think my explanation of the situation might not be entirely correct. If you were seeing html entities like:
... instead of the actual quotation mark, that's because the html is getting double-escaped. That would mean somewhere else in the system, the description text is getting passed to the entities function (and then it was happening in the page list template too). If that's the case, then it means the $th->entities($description) call shouldn't be in the view template at all.
I'd need to dig through the code to see exactly what's going on though, but in the meantime I think you're totally safe to leave that commented out -- and if you're unsure, you can easily test it out by putting this into a page's "Description" field and then seeing if a javascript alert pops up when the page is loader:
If that results in an actual javascript popup, then there's a problem. But if there's no popup, then you're safe.
Let me know how it goes.
-Jordan
"
... instead of the actual quotation mark, that's because the html is getting double-escaped. That would mean somewhere else in the system, the description text is getting passed to the entities function (and then it was happening in the page list template too). If that's the case, then it means the $th->entities($description) call shouldn't be in the view template at all.
I'd need to dig through the code to see exactly what's going on though, but in the meantime I think you're totally safe to leave that commented out -- and if you're unsure, you can easily test it out by putting this into a page's "Description" field and then seeing if a javascript alert pops up when the page is loader:
<script>alert('hi')</script>
If that results in an actual javascript popup, then there's a problem. But if there's no popup, then you're safe.
Let me know how it goes.
-Jordan
Hi Jordan. Yes, something like double-escaping is what I suspected, but I'm not sure why the description for the page would be double-escaped as it spits through a default pagelist.
I tried your test and no javascript popup appeared. It just said '[hi]' in the pagelist description area on the page. So, I'm safe. Thanks!
I tried your test and no javascript popup appeared. It just said '[hi]' in the pagelist description area on the page. So, I'm safe. Thanks!
I don't think this is a stupid question (you shouldn't be so hard on yourself -- we're all learning).
For the record, I agree that I wish there was an option to hide the "Description" field for page types that don't need it -- basically to treat it as if it were any other kind of custom attribute instead of this special thing that's always there. I've gone as far as hiding it via CSS from the composer dashboard page for sites where I know it's not used on the page types that I'm enabling in composer.
For the record, I agree that I wish there was an option to hide the "Description" field for page types that don't need it -- basically to treat it as if it were any other kind of custom attribute instead of this special thing that's always there. I've gone as far as hiding it via CSS from the composer dashboard page for sites where I know it's not used on the page types that I'm enabling in composer.
Jordan,
Thanks for the idea of hiding the field via CSS... I'll keep that in mind if my friend has some kind of mental breakdown over it being there (which I'm not ruling out, LOL!).
Thanks, as always!
- John
Thanks for the idea of hiding the field via CSS... I'll keep that in mind if my friend has some kind of mental breakdown over it being there (which I'm not ruling out, LOL!).
Thanks, as always!
- John
I believe this adds a meta description to your page for SEO purposes.
Regards, B