Small bug: User titles with special characters can't be set in profile

Krischan · August 5, 2019, 7:56pm

We have a group called ‘Blockchain & beyond’. If a non-admin user tries to change the user title in the profile to a group with special characters like ‘&’, the change doesn’t get saved. Admins can change the title, but then the ‘&’ shows up as & in the profile.

codinghorror · August 5, 2019, 8:25pm

This seems like a bit of a bug @eviltrout

eviltrout · August 6, 2019, 1:13pm

Can you look into this @Roman_Rizzi? Thanks!

Roman_Rizzi · August 6, 2019, 5:40pm

Titles are escaped for security reasons.

https://github.com/discourse/discourse/commit/629bb8adf2f4e96ef69e2f975f6860ad4fbe204b

Here’s a PR to fix it:

https://github.com/discourse/discourse/pull/7979

codinghorror · August 8, 2019, 3:00am

Are you confident this won’t regress us on security @eviltrout? If so then let’s close this as done.

eviltrout · August 8, 2019, 3:12pm

Yes the issue is it was “double” secure. We were storing the secure version then making that “extra” secure.

Topic		Replies	Views
User Titles with “special symbols” appear to be glitched Bug pr-welcome	5	533	May 30, 2023
Public group list shows inconsistent Name or Full Name Support	17	1400	January 12, 2020
Unable to edit user titles after latest update Bug	2	809	August 13, 2015
Unable to change custom title Bug	2	769	September 27, 2017
'Make primary group' within a user group isn't changing user titles Support groups	4	577	July 9, 2024

Small bug: User titles with special characters can't be set in profile

Related topics