Bug: Tags are not escaped in editor widget #2149

Closed
halfdan opened this issue Feb 8, 2014 · 0 comments · Fixed by #2150
Labels
bug [triage] something behaving unexpectedly
halfdan commented Feb 8, 2014

Issue Summary

It's possible to create a tag with HTML, e.g. <a href="#">Foo</a>, which is then not properly escaped in the editor tag widget.

Steps to Reproduce

  1. Enter a tag with some HTML

This is a bug because it not only allows you to enter HTML that is then not escaped but also to break the document (by simply entering several closing tags, </div></div>).

[image: tag-escape]

Technical details

  • Ghost Version: master
@ErisDS ErisDS added this to the 0.5 milestone Feb 19, 2014
@ErisDS ErisDS modified the milestones: 0.4.2, 0.5 Mar 10, 2014
halfdan added a commit to halfdan/Ghost that referenced this issue Mar 20, 2014
fixes TryGhost#2149, fixes TryGhost#2453
- Escape tag before displaying in editor tag widget
halfdan added a commit to halfdan/Ghost that referenced this issue Mar 24, 2014
refs TryGhost#2149
- Properly highlight tags with special characters ($,[,],^,etc.)
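
An added example, not Ghost's code: a sketch of the two fixes the commit messages above name, HTML-escaping a tag name before it goes into widget markup and escaping regex metacharacters before highlighting a typed fragment. The function names (`escapeHtml`, `escapeRegExp`, `renderTagUnsafe`, `renderTag`, `highlightMatch`) and the `<span class="tag">` / `<mark>` markup are assumptions made for illustration.

```javascript
// Added example (not Ghost's code). All names and markup here are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can open or close markup or break out of an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Backslash-escape regex metacharacters so user input is matched literally.
function escapeRegExp(text) {
  return String(text).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// The shape of the bug: the tag name is concatenated into markup as-is,
// so "</div></div>" closes the widget's own containers.
function renderTagUnsafe(name) {
  return '<span class="tag">' + name + '</span>';
}

// The fix: escape at the point of output, whatever was stored as the tag name.
function renderTag(name) {
  return '<span class="tag">' + escapeHtml(name) + '</span>';
}

// Highlight the typed fragment inside a suggestion. The fragment is escaped for
// the RegExp constructor, and every piece of the suggestion is HTML-escaped
// separately so only the <mark> elements added here are live markup.
function highlightMatch(suggestion, typed) {
  if (typed === '') return escapeHtml(suggestion);
  const re = new RegExp(escapeRegExp(typed), 'gi');
  let out = '';
  let last = 0;
  let m;
  while ((m = re.exec(suggestion)) !== null) {
    out += escapeHtml(suggestion.slice(last, m.index));
    out += '<mark>' + escapeHtml(m[0]) + '</mark>';
    last = m.index + m[0].length;
  }
  return out + escapeHtml(suggestion.slice(last));
}

// Inputs taken from the issue text, plus a constructed tag with regex metacharacters.
console.log(renderTagUnsafe('</div></div>'));
console.log(renderTag('<a href="#">Foo</a>'));
console.log(highlightMatch('c++ & $[x]^', '$['));
```

Without `escapeRegExp`, passing `$[` to `new RegExp` throws a SyntaxError for the unterminated character class, which is the failure mode behind tags with special characters not highlighting.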