HTML entities not being parsed in featured topic title on profile

angus · 2020 年2 月 4 日 06:08

HTML entities are not being parsed properly in featured topic titles in user profiles, i.e.

How to start building stuff for Discourse if you&rsquo;re newbie (like myself)

codinghorror · 2020 年2 月 4 日 06:11

One for @markvanlan perhaps?

markvanlan · 2020 年2 月 4 日 15:38

I just merged a commit to fix this. Just an extra set of {}!

codinghorror · 2020 年2 月 4 日 15:39

Are we sure this does not open us up to XSS problems if there is html code in the title of the topic?

markvanlan · 2020 年2 月 4 日 15:53

I confirmed that fancy_title is escaped, and does not open us up to XSS issues. I had just assumed that was the case, so I appreciate the question.

话题		回复	浏览量
How to fix HTML entities not being parsed in topic title? Bug	2	186	2024 年5 月 2 日
RSS Polling: Convert HTML entities in the title of the post Bug	2	644	2021 年1 月 15 日
Ampersands getting over-escaped going from Wordpress to Discourse? WordPress	10	543	2024 年5 月 2 日
<span class="search-highlight"> showing up in search results Bug	3	311	2023 年11 月 29 日
Pasting a link in the composer's title field trims the title if there's a quote character in it Bug	3	504	2022 年6 月 8 日