HTML entities not being parsed in featured topic title on profile

angus · 4. Februar 2020 um 06:08

HTML entities are not being parsed properly in featured topic titles in user profiles, i.e.

How to start building stuff for Discourse if you&rsquo;re newbie (like myself)

codinghorror · 4. Februar 2020 um 06:11

One for @markvanlan perhaps?

markvanlan · 4. Februar 2020 um 15:38

I just merged a commit to fix this. Just an extra set of {}!

codinghorror · 4. Februar 2020 um 15:39

Are we sure this does not open us up to XSS problems if there is html code in the title of the topic?

markvanlan · 4. Februar 2020 um 15:53

I confirmed that fancy_title is escaped, and does not open us up to XSS issues. I had just assumed that was the case, so I appreciate the question.

Thema		Antworten	Aufrufe
How to fix HTML entities not being parsed in topic title? Bug	2	188	2. Mai 2024
RSS Polling: Convert HTML entities in the title of the post Bug	2	644	15. Januar 2021
Ampersands getting over-escaped going from Wordpress to Discourse? WordPress	10	544	2. Mai 2024
<span class="search-highlight"> showing up in search results Bug	3	313	29. November 2023
Pasting a link in the composer's title field trims the title if there's a quote character in it Bug	3	505	8. Juni 2022