[wp-hackers] Another bug as a result of markup in titles
Alex Günsche
ag.ml2007 at zirona.com
Sun Mar 18 14:59:56 GMT 2007
On Sun, 2007-03-18 at 07:46 -0700, Jennifer Hodgdon wrote:
> Just a note... If someone proposes a fix for these bugs regarding
> markup in titles, please do not decide to fix it by stripping any HTML
> tags from titles before they are saved to the database. Some plugins
> use fake markup tags in titles and other text for filter indications.
> So the tags need to be saved along with the other title text, and are
> then filtered back out by the plugin before echoing into either the
> admin page or in the public page's HTML.
I agree that some tags should be allowed in titles, such as em, acronym,
strong. Maybe KSES can be used for it. In any case, I think it is better
to allow a predefined set of tags and strip anything else, rather than
defining a set of tags to strip and preserve all others.

As for the fake tags of some plugins: It is unfortunate that these
plugins work this way; they should rather use something like square
brackets. Using pseudo-HTML for backend operations is almost always a
bad idea; if you do this anyway, you would need to mark it as CDATA and
be absolutely sure that it will not cause problems with interacting
functionalities. This is quite impossible with a post's title in
WordPress.

Regards,
Alex
--
Alex Günsche, Zirona OpenSource-Consulting
work: http://www.zirona.com/ | leisure: http://www.roggenrohl.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
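
The allowlist-versus-denylist point in the message above, as an added example that is not part of the original post and is not WordPress or KSES code: plain PHP that escapes a title and restores only the three tags named in the message, next to a denylist for contrast. The function names, the denylist contents and the sample titles are assumptions made for illustration.

```php
<?php
// Added example: allowlist filtering of a title string in plain PHP (not KSES).

// Assumption: the allowed set is the three tags named in the message.
const ALLOWED_TITLE_TAGS = ['em', 'acronym', 'strong'];

/**
 * Allowlist: escape the whole title, then restore only bare allowed tags.
 * A tag carrying attributes never matches, so it stays escaped as text.
 * Tags are not balanced here; a stray closing tag can remain.
 */
function allowlist_title(string $title): string
{
    $escaped = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $names = implode('|', ALLOWED_TITLE_TAGS);
    // After escaping, "<em>" reads "&lt;em&gt;".
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped);
}

/** Denylist for contrast: removes only the tags someone thought to list. */
function denylist_title(string $title, array $blocked = ['script', 'iframe']): string
{
    $names = implode('|', array_map('preg_quote', $blocked));
    return preg_replace('~</?(?:' . $names . ')\b[^>]*>~i', '', $title);
}

// Constructed sample titles, including a hypothetical plugin marker
// written once with square brackets and once as pseudo-HTML.
$samples = [
    'An <em>important</em> update',
    'News <strong onclick="x()">today</strong>',
    'Hello <object data="x"></object>',
    '[myplugin-marker] Weekly digest',
    '<myplugin-marker> Weekly digest',
];

foreach ($samples as $t) {
    printf("in:    %s\nallow: %s\ndeny:  %s\n\n", $t, allowlist_title($t), denylist_title($t));
}
```

In the output, the allowlist leaves the square-bracket marker untouched and renders the pseudo-HTML marker and every unlisted tag as visible escaped text, while the denylist passes the attribute-bearing and unlisted tags through as live markup.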