Support » Requests and Feedback » Support Forum HTML Injection Possible

  • aafritz


    Creating a topic that includes html tags breaks this forum… That seems like a bug that should be fixed. It seems like you aren’t scrubbing text that is typed here or properly escaping it on display.

    For example, below I’m going to include a li tag in the brackets and text after that will appear outside it on the page to view the thread…


    This is part of my post but appears outside it with broken formatting.

    [moderated to fix formatting]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern


    Support Team / Sword in the Darkness

    Yeah, we know about the <ul> bug, but I’m not able to find the trac ticket.

    Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    It only breaks the formatting and when reported is fixed.

    Moderator Ipstenu (Mika Epstein)


    🏳️‍🌈 Plugin Review Team Rep

    Just to explain, it’s not HTML ‘injection’ it’s just that it breaks the semantic HTML of the forums, which ALSO use UL and LI.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Support Forum HTML Injection Possible’ is closed to new replies.