New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

team description silently corrupts write-up with "<" and ">" characters #700

Closed
DreadPirateShawn opened this Issue Jul 14, 2015 · 1 comment

Comments

Projects
None yet
2 participants
@DreadPirateShawn
Copy link

DreadPirateShawn commented Jul 14, 2015

In the "My Teams" section, if the description write-up matches <.*> regex, the matching region will disappear.

For instance, enter the text:

Fl1: Cannot survive if he attacks when <50%.
Fl2: Use Ronia > Luci > Lu Bu = OHKO.

Upon saving, this becomes:

Fl1: Cannot survive if he attacks when Luci > Lu Bu = OHKO

Worth noting, the data is indeed being lost, not just hidden upon display -- view source shows:

<td class="team-desc" colspan="9">Fl1: Cannot survive if he attacks when  Luci &gt; Lu Bu = OHKO.</td>

Presumably, all text entered into the description field should be escaped, rather than stripping what appears to be html markup (but totally isn't).

@madcowfred madcowfred added the bug label Oct 1, 2015

@madcowfred madcowfred closed this Oct 1, 2015

@madcowfred

This comment has been minimized.

Copy link
Owner

madcowfred commented Oct 1, 2015

This was basically a quick hack to fix an "uhh did you know you can put arbitrary HTML into team descriptions?" report. Should be fixed now to correctly escape HTML entities.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment