Opened 14 years ago
Closed 14 years ago
#1228 closed defect (fixed)
News list should encode text on the "Home" page
Reported by: | Jari Häkkinen | Owned by: | Nicklas Nordborg |
---|---|---|---|
Priority: | major | Milestone: | BASE 2.9.3 |
Component: | web | Version: | 2.9.2 |
Keywords: | Cc: |
Description
The home page accepts html tags whereas the BASE login page does not. Is it possible to make the login page to accept html markup and display it nicely (=news items in the home view of BASE).
Change History (4)
comment:1 follow-up: 2 Changed 14 years ago by
comment:2 Changed 14 years ago by
Replying to nicklas:
I think that it is how the news items are displayed in the home page that should be fixed. Input from users should never be displayed in "raw" format since it opens up for various kinds of scripting attacks.
The way the news are displayed on the login page allows a few "safe" HTML tags: <b>, <i>, <ul>, <li>, <ol>, <tt> and <code>. It will also link URLs automatically and create linebreaks (no need to have <p>!)
I noticed that <p> is needed for nice display in the home view, but the <p> is displayed on the login page. Changing one of the is enough for me but they should behave the same.
comment:3 Changed 14 years ago by
Milestone: | → BASE 2.9.3 |
---|---|
Owner: | changed from everyone to Nicklas Nordborg |
Status: | new → assigned |
Summary: | Display of news differ on the login page and the 'home' page after login. → News list should encode text on the "Home" page |
Type: | enhancement → defect |
comment:4 Changed 14 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
I think that it is how the news items are displayed in the home page that should be fixed. Input from users should never be displayed in "raw" format since it opens up for various kinds of scripting attacks.
The way the news are displayed on the login page allows a few "safe" HTML tags: <b>, <i>, <ul>, <li>, <ol>, <tt> and <code>. It will also link URLs automatically and create linebreaks (no need to have <p>!)