Support » Plugin: Quotes llama » Possibilty to use HTML tags in Quotes and Source

  • Resolved Gendji


    The following tags would be nice if they could be used in the Quotes or Source:

    <strong></strong> - <br>

    although the last one already works with enter and the possibility to use links like this:

    <a href="" target="_blank" rel="noopener">- Cleveland Amory</a>

    So that you only see the name in the links with the “source image” left of it.

    That’s it for now 🙂

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author oooorgle


    Here is what I am thinking so far:

    Tag | Attribute

    a | href, target, rel, class, title
    b |
    br | clear
    del |
    em |
    i |
    mark |
    small |
    strong |
    sub |
    sup |
    u |


    • A check for missing closed tags as to not bleed out all over the rest the page.
    • My main concern is injection attacks. Some kind of code I’m unaware of that could still be passed. I’ve tested for all I can think of and it seems good. Please share any ideas or concerns regarding security and this change to the plugin… anyone else too.

      Formatting buttons?… 😉
      Any other ideas are welcome.

    • This reply was modified 2 months, 3 weeks ago by oooorgle.
    Plugin Author oooorgle


    = Version 1.1.2 = Changelog notes.
    * **Add** Include a set of text html formatting tags for the quote and source fields. (suggested by: gendji)
    * **Add** Check html formatting for closing tags so to not bleed out onto other content.
    * **Add** Include links created using the html ‘a’ tag for the quote and source fields. (suggested by: gendji)
    * **Fix** Make_Clickable is opening links in the same window. Set target element to “_blank”.
    * **Fix** Bulk delete not showing count of quotes deleted.
    * **Change** “Display http” option text changed to differentiate between “text link” and “href link”.

    Plug this into the quote field to example the changes in this update.

    This is a text link: which will display its protocol if enabled in the options. It will always show its top level domain.
    This is a html link: <a href="" target="_blank">oooorgle</a> which will display just the text given.
    This sentence has br <br>in it, as well as enter
    in it.
    The below sentence is missing all closing tags for the examples above.
    <i>AND<u> NOW<em> THE<b> BIG<mark> MOMENT<small> WE'VE<strong> ALL<sub> BEEN<del> WAITING<sup> FOR.

    Let me know how it’s working!

    Thread Starter Gendji


    It is working great on my end. Strong is working and so is the link.

    Quotes Page

    Thank you very much!!

    I am not a great help when it comes to injection attacks and stuff like that. My knowledge on that matter is not enough to help you in any way with this plugin.

    Plugin Author oooorgle


    You are welcome! No worries about the xss. We will see how it fares. Thanks for the great ideas, it’s a good addition to the plugin and I’m happy to have been able to provide it. Take care.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.