Prevent tag injection #20

eliemichel · 2014-07-30T15:13:47Z

When importing tags directly from feed, some of them can be system tags or even virtual tags. We have to be aware of that, although I don't exactly know what behavior to expect.

My idea is that:

System tags may be leaved un escaped, because it could be interesting for some advanced features such as recognizing a particular entry format and so display it in another way. But it would be anoying for tags such as _sticky or _no_home. We could either blacklist or on the contrary whitelist some tags.
Virtual tags better be escaped. Maybe by a html entity that would enable a pretty printing rom the user point of view.

The text was updated successfully, but these errors were encountered:

Phyks · 2014-09-29T20:21:40Z

Up. Any new ideas on this topic?

eliemichel · 2014-09-29T22:34:53Z

Is it really an urgent feature?
Actually we did not decide of the expected behavior…

Phyks · 2014-09-29T22:35:40Z

Not urgent. Just to know wether someone had clearer ideas about this subject or not.

eliemichel added the discussion label Jul 30, 2014

Phyks added easytask and removed discussion labels Aug 7, 2014

Phyks changed the title ~~Prevent tag injection~~ [EasyTask] Prevent tag injection Aug 7, 2014

Phyks added discussion and removed bug labels Aug 8, 2014

Phyks changed the title ~~[EasyTask] Prevent tag injection~~ Prevent tag injection Aug 8, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent tag injection #20

Prevent tag injection #20

eliemichel commented Jul 30, 2014

Phyks commented Sep 29, 2014

eliemichel commented Sep 29, 2014

Phyks commented Sep 29, 2014

Prevent tag injection #20

Prevent tag injection #20

Comments

eliemichel commented Jul 30, 2014

Phyks commented Sep 29, 2014

eliemichel commented Sep 29, 2014

Phyks commented Sep 29, 2014