We have a group called ‘Blockchain & beyond’. If a non-admin user tries to change the user title in the profile to a group with special characters like ‘&’, the change doesn’t get saved. Admins can change the title, but then the ‘&’ shows up as & in the profile.
「いいね!」 1
This seems like a bit of a bug @eviltrout
Can you look into this @Roman? Thanks!
「いいね!」 3
Titles are escaped for security reasons.
Here’s a PR to fix it:
「いいね!」 5
Are you confident this won’t regress us on security @eviltrout? If so then let’s close this as done.
Yes the issue is it was “double” secure. We were storing the secure version then making that “extra” secure.
「いいね!」 3