Opened 16 years ago
Closed 16 years ago
#1228 closed defect (fixed)
News list should encode text on the "Home" page
| Reported by: | Jari Häkkinen | Owned by: | Nicklas Nordborg |
|---|---|---|---|
| Priority: | major | Milestone: | BASE 2.9.3 |
| Component: | web | Version: | 2.9.2 |
| Keywords: | Cc: |
Description
The home page accepts html tags whereas the BASE login page does not. Is it possible to make the login page to accept html markup and display it nicely (=news items in the home view of BASE).
Change History (4)
follow-up: 2 comment:1 by , 16 years ago
comment:2 by , 16 years ago
Replying to nicklas:
I think that it is how the news items are displayed in the home page that should be fixed. Input from users should never be displayed in "raw" format since it opens up for various kinds of scripting attacks.
The way the news are displayed on the login page allows a few "safe" HTML tags: <b>, <i>, <ul>, <li>, <ol>, <tt> and <code>. It will also link URLs automatically and create linebreaks (no need to have <p>!)
I noticed that <p> is needed for nice display in the home view, but the <p> is displayed on the login page. Changing one of the is enough for me but they should behave the same.
comment:3 by , 16 years ago
| Milestone: | → BASE 2.9.3 |
|---|---|
| Owner: | changed from to |
| Status: | new → assigned |
| Summary: | Display of news differ on the login page and the 'home' page after login. → News list should encode text on the "Home" page |
| Type: | enhancement → defect |
comment:4 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
I think that it is how the news items are displayed in the home page that should be fixed. Input from users should never be displayed in "raw" format since it opens up for various kinds of scripting attacks.
The way the news are displayed on the login page allows a few "safe" HTML tags: <b>, <i>, <ul>, <li>, <ol>, <tt> and <code>. It will also link URLs automatically and create linebreaks (no need to have <p>!)