HTML entities not being parsed in featured topic title on profile

angus · 4 فبراير 2020، 6:08ص

HTML entities are not being parsed properly in featured topic titles in user profiles, i.e.

How to start building stuff for Discourse if you&rsquo;re newbie (like myself)

codinghorror · 4 فبراير 2020، 6:11ص

One for @markvanlan perhaps?

markvanlan · 4 فبراير 2020، 3:38م

I just merged a commit to fix this. Just an extra set of {}!

codinghorror · 4 فبراير 2020، 3:39م

Are we sure this does not open us up to XSS problems if there is html code in the title of the topic?

markvanlan · 4 فبراير 2020، 3:53م

I confirmed that fancy_title is escaped, and does not open us up to XSS issues. I had just assumed that was the case, so I appreciate the question.

الموضوع		الردود	مرات العرض
How to fix HTML entities not being parsed in topic title? Bug	2	186	2 مايو 2024
RSS Polling: Convert HTML entities in the title of the post Bug	2	644	15 يناير 2021
Ampersands getting over-escaped going from Wordpress to Discourse? WordPress	10	544	2 مايو 2024
<span class="search-highlight"> showing up in search results Bug	3	311	29 نوفمبر 2023
Pasting a link in the composer's title field trims the title if there's a quote character in it Bug	3	504	8 يونيو 2022