[buddypress-trac] [BuddyPress] #983: HTML in profile name field broken again
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Thu Jan 7 09:07:21 UTC 2010
#983: HTML in profile name field broken again
-------------------------+--------------------------------------------------
Reporter: Magganpice | Owner:
Type: defect | Status: reopened
Priority: major | Milestone:
Resolution: | Keywords: HTML, profile
-------------------------+--------------------------------------------------
Changes (by Magganpice):
* keywords: => HTML, profile
* status: closed => reopened
* resolution: fixed =>
Comment:
Sorry, I have to reopen this old and multiple times fixed ticket.
I think I have to insist that this be fixed on the INPUT side (as opposed
to fixing it on the OUTPUT side). The only way to really fix this is on
the INPUT side otherwise this problem will always keep coming up.
How to reproduce on testbp.org today (2010-01-07):
- in your profile, put something like "<strong><a><blockquote>Firstname
Lastname" in your name field
- then, for instance reply to someone's status
- this bad HTML will appear infront of your name
- and in your profile your name will be "strong"
It will not be the solution to run around fixing all output code for
profile names throughout the system. HTML must be stripped out when
someone saves his profile changes. This way, the HTML will never be saved
to the database and appear nowhere.
Please do not just fix this on the output side again, thanks :-)
--
Ticket URL: <http://trac.buddypress.org/ticket/983#comment:5>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list