Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Unescape escaped input #48

Closed
mcrider opened this Issue Nov 28, 2011 · 1 comment

Comments

Projects
None yet
2 participants

mcrider commented Nov 28, 2011

If for whatever reason tag-it gets its existing values as escaped strings-- which I must escape because they can come from a source other than tag-it and could contain quotes or html tags -- the createTag function should unescape these strings so they display correctly.

I've done this by adding value = $('<div/>').html(s).text(); to the top of the createTag function.

I don't think tag-it should be relying completely on the createTag function to create safe values, as those values can be modified by the user (e.g. with firebug) or could be modified elsewhere in the system (at least in my case).

Owner

aehlke commented Nov 23, 2012

Fixed

@aehlke aehlke closed this Nov 23, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment