Some html tags not stripped from category description

RGJ · January 16, 2022, 3:49pm

I came across this by accident.

Some HTML tags like <big> <small> and <em> are not stripped from the category description when displayed for instance in the category dropdown and in the category settings.

It seems like this does not affect any security related tags like script and style so it’s a minor thing.

Repro on tests-passed.

Set the category description to something like

This is getting <big><big><big><big>Big

sam · January 17, 2022, 9:05pm

Quick update we have @Roman_Rizzi assigned and he will get this sorted, no specific timeframe but we hope to have this sorted in the upcoming weeks

Thanks for the great bug report

Roman_Rizzi · March 2, 2022, 2:34pm

The category-chooser component used the category description instead of the description_text, which strips HTML. We allow HTML elements on the description because we use it to generate the category definition topic. Should be fixed by:

Topic		Replies	Views
HTML tags not rendered in category description Site feedback	1	221	April 16, 2024
Tooltips on sidebar expose HTML Bug sidebar	4	578	October 3, 2022
Category Dropdown content not full-width Bug	3	712	July 16, 2020
Description meta tag for category page does not strip HTML generated by markdown Bug	2	942	August 14, 2015
Category description topics can be deleted by flagging Bug	7	743	January 10, 2020

Some html tags not stripped from category description

Related topics