Small bug: User titles with special characters can't be set in profile

We have a group called ‘Blockchain & beyond’. If a non-admin user tries to change the user title in the profile to a group with special characters like ‘&’, the change doesn’t get saved. Admins can change the title, but then the ‘&’ shows up as & in the profile.

1 Like

This seems like a bit of a bug @eviltrout

Can you look into this @Roman_Rizzi? Thanks!


Titles are escaped for security reasons.

Here’s a PR to fix it:


Are you confident this won’t regress us on security @eviltrout? If so then let’s close this as done.

Yes the issue is it was “double” secure. We were storing the secure version then making that “extra” secure.