Support » Requests and Feedback » Support Forum HTML Injection Possible

  • aafritz

    (@aafritz)


    Creating a topic that includes html tags breaks this forum… That seems like a bug that should be fixed. It seems like you aren’t scrubbing text that is typed here or properly escaping it on display.

    For example, below I’m going to include a li tag in the brackets and text after that will appear outside it on the page to view the thread…

    <li>

    This is part of my post but appears outside it with broken formatting.

    [moderated to fix formatting]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Steven Stern

    (@sterndata)

    Support Team / Sword in the Darkness

    Yeah, we know about the <ul> bug, but I’m not able to find the trac ticket.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    It only breaks the formatting and when reported is fixed.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    🏳️‍🌈 Plugin Review Team Rep

    Just to explain, it’s not HTML ‘injection’ it’s just that it breaks the semantic HTML of the forums, which ALSO use UL and LI.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Support Forum HTML Injection Possible’ is closed to new replies.