This repository has been archived by the owner on Jul 24, 2021. It is now read-only.
Author: tom[at]compton.nu [Added to the original trac issue at 2.43am, Tuesday, 23rd June 2009]
I'm not sure there's much we can do about this - we already run the Rails HTML sanitizer on it and it's impossible to guess all the stupid things somebody might do.
If I understand that code right, it checks the escaped content for "full" tags (opened AND closed) before converting some tags back to HTML (unescaping the <>). That means properly closed tags will work and anything else will render like text.
I am not sure if it strips unwanted attributes (like style) too like the site currently does.
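The approach described in the comment above (escape everything, then restore only complete tag pairs), sketched as an added example; it is not the code the commenter refers to, which is not shown on this page, and not the project's own code. The allow-list `ALLOWED_TAGS` and the helper name `render_balanced` are assumptions made for illustration.

```ruby
require "cgi"

# Hypothetical allow-list for this illustration; not the site's real configuration.
ALLOWED_TAGS = %w[b i em strong p].freeze

# Matches an escaped, attribute-free open tag, content holding no live markup,
# and the matching escaped close tag.
PAIR = /&lt;(#{ALLOWED_TAGS.join("|")})&gt;([^<>]*?)&lt;\/\1&gt;/

# Escape the whole input, then restore only complete allow-listed pairs.
# Unclosed, unknown or attribute-carrying tags stay escaped and render as text.
def render_balanced(input)
  html = CGI.escapeHTML(input)
  # Repeat until nothing changes so nested pairs are restored outside-in.
  # A pair whose content already holds restored markup is skipped, which
  # keeps the output properly nested.
  nil while html.gsub!(PAIR) { "<#{$1}>#{$2}</#{$1}>" }
  html
end

# Constructed sample inputs, printed only when the file is run directly.
if __FILE__ == $PROGRAM_NAME
  samples = [
    "<b>bold</b>",              # complete pair: restored
    "<b>unclosed",              # unclosed tag: stays text
    "<b><i>x</i></b>",          # nested pairs: both restored
    "<b><i>x</b></i>",          # misnested: only the outer pair is restored
    '<b style="color:red">y</b>' # attribute present: stays text
  ]
  samples.each { |s| puts "#{s.inspect} -> #{render_balanced(s)}" }
end
```

Because only bare `<tag>` forms match, attributes such as `style` are never re-enabled; a tag carrying one is simply shown as text.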
Reporter: avarab[at]gmail.com
[Submitted to the original trac issue database at 11.10am, Monday, 22nd June 2009]
If someone enters an unclosed HTML tag in a diary post it'll destroy the layout of the site, e.g.: